5 matches found
CVE-2021-44029
CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...
CVE-2021-44031
CVE-2021-44031 concerns Quest KACE Desktop Authority prior to 11.2. The issue is described as a vulnerability in /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx that could enable pre-authentication remote code execution, with an attacker able to upload a .ASP file to reside ...
CVE-2021-44028
CVE-2021-44028 : XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to attacker-controlled log4net configuration files. The initial description ties the issue to a log4net configuration weakness (related to CVE-2018-1285). Connected documents do not provide further product-specific...
CVE-2021-44030
CVE-2021-44030 affects Quest KACE Desktop Authority before 11.2. The issue is a Cross-Site Scripting (XSS) vulnerability where untrusted HTML can reach jQuery.htmlPrefilter, as described across multiple connected sources. Root cause: unvalidated HTML reaches the jQuery prefilter. Impact: XSS pote...
CVE-2025-67813
CVE-2025-67813 affects Quest KACE Desktop Authority up to and including version 11.3.1. The vulnerability is insecure permissions on named pipes used for inter-process communication, exposing IPC to inappropriate access or manipulation. Impact is described in connected sources as insecure named p...