
19 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-3183

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.02021
Exploits 3, References 3
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-34129

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00603
Exploits 0, References 2
Prion
added 2018/05/31 6:29 p.m., 14 views

Authorization

The 'systemui/settingsnetwork.php' and 'systemui/settingspatching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'XForwardedFor' HTTP headers in a POST request. An anonymous user c...

CVSS 2.1, AI score 6.4, EPSS 0.00423
Exploits 3, References 1, Affected Software 1
Prion
added 2018/05/31 6:29 p.m., 19 views

Design/Logic Flaw

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password including root. A...

CVSS 9, AI score 9.1, EPSS 0.03016
Exploits 3, References 1, Affected Software 1
NVD
added 2018/05/31 6:29 p.m., 22 views

CVE-2018-11134

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password including root. A...

CVSS 9, AI score 8.8, EPSS 0.03016
Exploits 3, References 1
NVD
added 2018/05/31 6:29 p.m., 16 views

CVE-2018-11138

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system...

CVSS 10, AI score 9.8, EPSS 0.91931
Exploits 7, References 3
Prion
added 2018/05/31 6:29 p.m., 17 views

Design/Logic Flaw

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system...

CVSS 10, AI score 9.6, EPSS 0.91931
Exploits 7, References 2, Affected Software 1
NVD
added 2018/05/31 6:29 p.m., 21 views

CVE-2018-11133

The 'fmt' parameter of the '/common/runcrossreport.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting...

CVSS 6.1, AI score 6, EPSS 0.07271
Exploits 3, References 1
NVD
added 2018/05/31 6:29 p.m., 15 views

CVE-2018-11142

The 'systemui/settingsnetwork.php' and 'systemui/settingspatching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'XForwardedFor' HTTP headers in a POST request. An anonymous user c...

CVSS 5.5, AI score 5.6, EPSS 0.00423
Exploits 3, References 1
Prion
added 2018/05/31 6:29 p.m., 14 views

Cross-site scripting

The 'fmt' parameter of the '/common/runcrossreport.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting...

CVSS 4.3, AI score 6.5, EPSS 0.07271
Exploits 3, References 1, Affected Software 1
Prion
added 2018/05/31 6:29 p.m., 16 views

Design/Logic Flaw

The script '/adminui/errordetails.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...

CVSS 6, AI score 8.9, EPSS 0.02069
Exploits 3, References 1, Affected Software 1
Prion
added 2018/05/31 6:29 p.m., 20 views

SQL injection

The 'orgID' parameter received by the '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection; in particular, a blind time-based type...

CVSS 7.5, AI score 9.7, EPSS 0.01387
Exploits 3, References 1, Affected Software 1
Cvelist
added 2018/05/31 6:00 p.m., 24 views

CVE-2018-11133

The 'fmt' parameter of the '/common/runcrossreport.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting...

AI score 6.5, EPSS 0.07271
Exploits 3, References 1
Cvelist
added 2018/05/31 6:00 p.m., 21 views

CVE-2018-11132

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue...

AI score 9, EPSS 0.18285
Exploits 3, References 1
Cvelist
added 2018/05/31 6:00 p.m., 20 views

CVE-2018-11141

The 'IMAGESJSON' and 'attachmentstoremove' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...

AI score 9, EPSS 0.02021
Exploits 3, References 1
Cvelist
added 2018/05/31 6:00 p.m., 25 views

CVE-2018-11134

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password including root. A...

AI score 8.9, EPSS 0.03016
Exploits 3, References 1
Cvelist
added 2018/05/31 6:00 p.m., 21 views

CVE-2018-11139

The '/common/ajaxemailconnectiontest.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TESTSERVER'...

AI score 9.1, EPSS 0.42917
Exploits 3, References 1
CVE
added 2018/05/31 6:00 p.m., 66 views

CVE-2018-11139

The CVE-2018-11139 entry describes a command injection in Quest KACE System Management Appliance 8.0.318 via the authenticated-accessible /common/ajax_email_connection_test.php endpoint. The vulnerability allows an authenticated user to inject commands through the unsanitized TEST_SERVER paramete...

CVSS 9, AI score 9, EPSS 0.42917
Exploits 3, References 1, Affected Software 1
ATTACKERKB
added 2018/05/31 12:00 a.m., 16 views

CVE-2018-11138

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. Recent assessments: Assessed Attacker Value: 0...

CVSS 10, AI score 9.4, EPSS 0.91931
In wild, Exploits 7, References 4