Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quest vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-23772
An issue exists in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local malicious users to create any file of their choice with NT Authority\SYSTEM...
1 Github repository
NA
CVE-2024-23773
An issue exists in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.
1 Github repository
NA
CVE-2024-23774
An issue exists in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local malicious users to execute code of their choice with NT Authority\SYSTEM privileges.
1 Github repository
NA
CVE-2023-48118
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote malicious user to execute arbitrary code via a crafted request to the Common.svc WSDL page.
Quest-analytics Iqcrm 2023.9.5
1 Github repository
NA
CVE-2024-21625
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs ...
Sidequestvr Sidequest
NA
CVE-2023-33254
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication setting...
Quest Kace Systems Deployment Appliance 9.0.146
NA
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) up to and including 12.1 that may allow remote injection of arbitrary web script or HTML.
Quest Kace Systems Management Appliance
NA
CVE-2022-30285
In Quest KACE Systems Management Appliance (SMA) up to and including 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
Quest Kace Systems Management Appliance
NA
CVE-2022-29807
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) up to and including 12.0 that can allow for remote code execution via download_agent_installer.php.
Quest Kace Systems Management Appliance
NA
CVE-2022-29808
In Quest KACE Systems Management Appliance (SMA) up to and including 12.0, predictable token generation occurs when appliance linking is enabled.
Quest Kace Systems Management Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »