Lucene search
K

176 matches found

NVD
NVD
added 2019/11/06 3:15 p.m.25 views

CVE-2019-13078

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...

8.8CVSS9.2AI score0.01235EPSS
Exploits0References2
NVD
NVD
added 2019/11/06 3:15 p.m.19 views

CVE-2019-13079

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...

8.8CVSS9.2AI score0.01235EPSS
Exploits0References2
OSV
OSV
added 2019/11/06 3:15 p.m.5 views

CVE-2019-12917

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/softwarelibrary.php component via the PATHINFO...

6.1CVSS5.8AI score0.00961EPSS
Exploits0References2
NVD
NVD
added 2019/11/06 3:15 p.m.25 views

CVE-2019-13080

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...

5.4CVSS5.5AI score0.00781EPSS
Exploits0References2
Prion
Prion
added 2019/11/06 3:15 p.m.14 views

Design/Logic Flaw

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the samdetailtitled.php SAMTYPE parameter that allows an attacker to create a malicious link in order to attack authenticated users...

4.3CVSS5.8AI score0.00961EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/11/06 3:15 p.m.3 views

CVE-2019-13081

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...

5.4CVSS5.9AI score0.00781EPSS
Exploits0References4
Prion
Prion
added 2019/11/06 3:15 p.m.19 views

Sql injection

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...

6.5CVSS9.1AI score0.01235EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/11/06 3:15 p.m.12 views

Design/Logic Flaw

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...

3.5CVSS5.5AI score0.00781EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/11/06 3:15 p.m.1 views

CVE-2019-13079

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...

8.8CVSS6.3AI score0.01235EPSS
Exploits0References4
Prion
Prion
added 2019/11/06 3:15 p.m.18 views

Sql injection

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...

6.5CVSS9.1AI score0.01235EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/06 2:55 p.m.20 views

CVE-2019-13081

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...

5.6AI score0.00781EPSS
Exploits0References2
CVE
CVE
added 2019/11/06 2:55 p.m.52 views

CVE-2019-13081

CVE-2019-13081 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The web application vulnerability permits an authenticated user to inject and execute arbitrary JavaScript in a service desk user’s browser via the title field in /common/ticket_associated_tickets.php. The root ...

5.4CVSS5.5AI score0.00781EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/06 2:53 p.m.46 views

CVE-2019-13080

The CVE-2019-13080 vulnerability affects Quest KACE Systems Management Appliance Server Center 9.1.317. A cross-site scripting (XSS) flaw exists in the web interface that can be triggered via an SVG image and an HTML file, allowing an authenticated administrator to have arbitrary JavaScript execu...

5.4CVSS5.5AI score0.00781EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/06 2:53 p.m.43 views

CVE-2019-13079

CVE-2019-13079 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is an SQL injection in the /adminui/history_log.php endpoint, targeting the TYPE_NAME parameter. An authenticated user can potentially alter the database or execute arbitrary commands via the i...

8.8CVSS9.1AI score0.01235EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/06 2:52 p.m.25 views

CVE-2019-13078

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...

9.2AI score0.01235EPSS
Exploits0References2
CVE
CVE
added 2019/11/06 2:52 p.m.42 views

CVE-2019-13078

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection in /common/user_profile.php (parameter sort_column). An authenticated user can execute arbitrary SQL commands against the underlying database. Root cause cited in CNVD reports as lack of validation of ext...

8.8CVSS9.1AI score0.01235EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/06 2:50 p.m.20 views

CVE-2019-13077

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the samdetailtitled.php SAMTYPE parameter that allows an attacker to create a malicious link in order to attack authenticated users...

5.9AI score0.00961EPSS
Exploits0References2
CVE
CVE
added 2019/11/06 2:50 p.m.49 views

CVE-2019-13077

CVE-2019-13077 affects Quest KACE Systems Management Appliance Server Center version 9.1.317, where an XSS flaw is exploitable via the sam_detail_titled.php SAM_TYPE parameter. This allows an attacker to craft a malicious link that could execute script in the context of authenticated users. Root ...

6.1CVSS5.8AI score0.00961EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/06 2:49 p.m.47 views

CVE-2019-13076

CVE-2019-13076 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is a SQL injection in the /userui/ticket_list.php component, using parameters order[0][column] and order[0][dir]. An authenticated user can potentially execute arbitrary SQL commands against th...

8.8CVSS9.1AI score0.01235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/06 2:45 p.m.49 views

CVE-2019-12918

CVE-2019-12918 affects Quest KACE Systems Management Appliance Server Center v9.1.317. Multiple connected sources confirm a SQL injection vulnerability in the file software_library.php, targeting parameters order[0][column] and order[0][dir]. The root cause is insufficient validation of externall...

9.8CVSS9.7AI score0.01053EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder