VYPR

Vendor CVEs

Quest

All CVEs

139 total · sorted by risk
  • CVE-2018-11161HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).

  • CVE-2018-11160HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).

  • CVE-2018-11159HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).

  • CVE-2018-11158HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).

  • CVE-2018-11157HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).

  • CVE-2018-11156HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).

  • CVE-2018-11155HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).

  • CVE-2018-11154HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).

  • CVE-2018-11153HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).

  • CVE-2018-11152HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).

  • CVE-2018-11150HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).

  • CVE-2018-11149HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).

  • CVE-2018-11148HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).

  • CVE-2018-11147HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).

  • CVE-2018-11146HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).

  • CVE-2018-11145HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).

  • CVE-2018-11144HigJun 2, 2018
    risk 0.58cvss 8.8epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).

  • CVE-2025-32976HigJun 24, 2025
    risk 0.57cvss 8.8epss 0.01

    Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows…

  • CVE-2018-11194HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).

  • CVE-2018-11193HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).

  • CVE-2018-11192HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).

  • CVE-2018-11191HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).

  • CVE-2018-11190HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).

  • CVE-2018-11189HigJun 2, 2018
    risk 0.57cvss 8.8epss 0.03

    Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).

  • CVE-2018-11135HigMay 31, 2018
    risk 0.57cvss 8.8epss 0.02

    The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.

  • CVE-2018-11134HigMay 31, 2018
    risk 0.57cvss 8.8epss 0.03

    In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password…

  • CVE-2018-1162HigFeb 8, 2018
    risk 0.53cvss 8.1epss 0.05

    This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The…

  • CVE-2017-6554HigApr 14, 2017
    risk 0.51cvss 7.2epss 0.16

    pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

  • CVE-2025-32978HigJun 24, 2025
    risk 0.49cvss 7.5epss 0.01

    Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended…

  • CVE-2018-11184HigJun 2, 2018
    risk 0.47cvss 7.2epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).

  • CVE-2018-11163HigJun 2, 2018
    risk 0.47cvss 7.2epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).

  • CVE-2018-11151HigJun 2, 2018
    risk 0.47cvss 7.2epss 0.05

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).

  • CVE-2024-39708HigJun 28, 2024
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege…

  • CVE-2024-23772MedApr 30, 2024
    risk 0.43cvss 6.6epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT…

  • CVE-2018-11137MedMay 31, 2018
    risk 0.43cvss 6.5epss 0.06

    The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.

  • CVE-2024-52926MedNov 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

  • CVE-2025-12874MedDec 19, 2025
    risk 0.41cvss epss 0.00

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an…

  • CVE-2018-11133MedMay 31, 2018
    risk 0.40cvss 6.1epss 0.07

    The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.

  • CVE-2018-11142MedMay 31, 2018
    risk 0.36cvss 5.5epss 0.00

    The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST…

  • CVE-2012-5896Nov 17, 2012
    risk 0.09cvss epss 0.69

    The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized…

  • CVE-2019-20504Mar 9, 2020
    risk 0.04cvss epss 0.09

    service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

  • CVE-2012-5897Nov 17, 2012
    risk 0.03cvss epss 0.04

    The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

  • CVE-2020-8868Mar 23, 2020
    risk 0.02cvss epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a…

  • CVE-2026-7569Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that…

  • CVE-2026-9787Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9786Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-9785Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9784Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9783Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…

  • CVE-2026-9782Jun 24, 2026
    risk 0.00cvss epss 0.01

    Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…