Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Quest Subscribe
Total 130 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17421 1 Quest 1 Netvault Backup 2019-10-09 7.5 HIGH 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232.
CVE-2018-11186 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
CVE-2017-6554 1 Quest 1 Privilege Manager 2019-10-02 9.0 HIGH 7.2 HIGH
pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.
CVE-2018-11138 1 Quest 1 Kace System Management Appliance 2019-10-02 10.0 HIGH 9.8 CRITICAL
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
CVE-2018-11139 1 Quest 1 Kace System Management Appliance 2019-10-02 9.0 HIGH 8.8 HIGH
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
CVE-2018-11142 1 Quest 1 Kace System Management Appliance 2019-10-02 2.1 LOW 5.5 MEDIUM
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.
CVE-2018-11143 1 Quest 1 Disk Backup 2019-10-02 7.5 HIGH 9.8 CRITICAL
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).
CVE-2018-11144 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
CVE-2018-11145 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
CVE-2018-11146 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
CVE-2018-11147 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
CVE-2018-11148 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
CVE-2018-11149 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
CVE-2018-11150 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
CVE-2018-11151 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 7.2 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
CVE-2018-11152 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
CVE-2018-11153 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
CVE-2018-11154 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
CVE-2018-11155 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
CVE-2018-11156 1 Quest 1 Disk Backup 2019-10-02 6.5 MEDIUM 8.8 HIGH
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).