Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter. id: CVE-2019-20504 info: name: Dell KACE Systems Management Appliance K1000 6.4.120756 - Remote Code Execution...

EUVD-2014-9817

Malware in sbrugna...

EUVD-2018-17175

Malware in sbrugna...

EUVD-2017-4139

Malware in sbrugna...

EUVD-2014-1745

Malware in sbrugna...

CVE-2014-125113

An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...

CVE-2014-125113

An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...

CVE-2014-125113 Dell/Quest KACE K1000 Unauthenticated File Upload RCE

An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...

CVE-2014-125113

The Dell/Quest KACE K1000 System Management Appliance (versions 5.0–5.3, 5.4 before 5.4.76849, and 5.5 before 5.5.90547) is affected by an unauthenticated unrestricted file upload vulnerability in the download_agent.php endpoint. An attacker can upload PHP files to a temporary web‑accessible dire...

CVE-2014-125113 Dell/Quest KACE K1000 Unauthenticated File Upload RCE

An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...

Dell KACE K1000 System Management Appliance 安全漏洞

The Dell KACE K1000 System Management Appliance is a tool for IT systems and asset management from Dell USA. A security vulnerability exists in the Dell KACE K1000 System Management Appliance versions 5.0 through 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547, which stems from an...

CVE-2018-5405

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...

CVE-2018-5406

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing CORS mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator accou...

CVE-2018-5404

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges 'User Console Only' role to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. A...

CVE-2019-20504

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...

VulnCheck KEV: CVE-2019-20504

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...

Quest Software KACE K1000 Systems Management Appliance Code Execution Vulnerability

The Quest Software KACE K1000 Systems Management Appliance KACE SMA is a systems management appliance from Quest Software, USA. A security vulnerability exists in the service/krashrpt.php file in Quest Software KACE SMA versions prior to 6.4 SP3 6.4.120822. A remote attacker can exploit the...

CVE-2019-20504

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...

CVE-2019-20504

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...

Code injection

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 6.4.120822 allows a remote attacker to execute code via shell metacharacters in the kuid parameter...