VYPR

Kace K1000 Systems Management Appliance

by Dell

CVEs (4)

  • CVE-2014-125113CriAug 5, 2025
    risk 0.64cvss epss 0.01

    An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary…

  • CVE-2019-20504CriMar 9, 2020
    risk 0.64cvss 9.8epss 0.10

    service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

  • CVE-2014-1671Jan 26, 2014
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to…

  • CVE-2014-0330Feb 6, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.