Quest Security Vulnerabilities

CVE-2018-11154

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).

CVE-2018-11155

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).

CVE-2018-11156

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).

CVE-2018-11157

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).

CVE-2018-11158

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).

CVE-2018-11159

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).

CVE-2018-11160

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).

CVE-2018-11161

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).

CVE-2018-11162

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).

CVE-2018-11163

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).

CVE-2018-11164

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).

CVE-2018-11165

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).

CVE-2018-11166

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).

CVE-2018-11167

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).

CVE-2018-11168

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).

CVE-2018-11169

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).

CVE-2018-11170

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).

CVE-2018-11171

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).

CVE-2018-11172

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).

CVE-2018-11173

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).

CVE-2018-11174

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).

CVE-2018-11175

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).

CVE-2018-11176

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).

CVE-2018-11177

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).

CVE-2018-11178

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).

CVE-2018-11179

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).

CVE-2018-11180

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).

CVE-2018-11181

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).

CVE-2018-11182

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).

CVE-2018-11183

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).

CVE-2018-11184

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).

CVE-2018-11185

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).

CVE-2018-11186

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).

CVE-2018-11187

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).

CVE-2018-11188

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).

CVE-2018-11189

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).

CVE-2018-11190

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).

CVE-2018-11191

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).

CVE-2018-11192

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).

CVE-2018-11193

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).

CVE-2018-11194

Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).

CVE-2018-1161

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request,...

CVE-2018-1162

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exist...

CVE-2018-1163

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critic...

CVE-2018-5404

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. A...

CVE-2018-5405

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other...

CVE-2018-5406

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator accou...

CVE-2019-10973

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not prop...

CVE-2019-12917

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.