7 matches found
CVE-2011-4047
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access...
CVE-2011-4436
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4046
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code...
Code injection
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4046
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext inside a PHP script, enabling context-dependent attackers to read sensitive data from script source. Several connected sources corroborate that this flaw can lead to privilege abuse and unauthorized ...
CVE-2011-4048
Dell KACE K2000 System Deployment Appliance is affected by CVE-2011-4048 due to a default username/password for the read-only reporting account, enabling remote attackers to access the database and obtain sensitive information. The issue is described in multiple sources referencing default creden...