|
248001
|
9.8 |
CRITICAL
Network
|
quest
|
disk_backup
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).
|
CWE-78
OS Command
|
CVE-2018-11143
|
2024-11-21 12:42 |
2018-06-2 |
|
248002
|
7.5 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. I…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11196
|
2024-11-21 12:42 |
2018-06-2 |
|
248003
|
6.8 |
MEDIUM
Physical
|
mahara
|
mahara
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web brow…
|
CWE-200
Information Exposure
|
CVE-2018-11195
|
2024-11-21 12:42 |
2018-06-2 |
|
248004
|
5.5 |
MEDIUM
Local
|
quest
|
kace_system_management_appliance
|
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypa…
|
CWE-863
Incorrect Authorization
|
CVE-2018-11142
|
2024-11-21 12:42 |
2018-06-1 |
|
248005
|
9.8 |
CRITICAL
Network
|
quest
|
kace_system_management_appliance
|
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files …
|
CWE-22
Path Traversal
|
CVE-2018-11141
|
2024-11-21 12:42 |
2018-06-1 |
|
248006
|
9.8 |
CRITICAL
Network
|
quest
|
kace_system_management_appliance
|
The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-base…
|
CWE-89
SQL Injection
|
CVE-2018-11140
|
2024-11-21 12:42 |
2018-06-1 |
|
248007
|
8.8 |
HIGH
Network
|
quest
|
kace_system_management_appliance
|
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on th…
|
CWE-78
OS Command
|
CVE-2018-11139
|
2024-11-21 12:42 |
2018-06-1 |
|
248008
|
9.8 |
CRITICAL
Network
|
quest
|
kace_system_management_appliance
|
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
|
CWE-78
OS Command
|
CVE-2018-11138
|
2024-11-21 12:42 |
2018-06-1 |
|
248009
|
6.5 |
MEDIUM
Network
|
quest
|
kace_system_management_appliance
|
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Director…
|
CWE-22
Path Traversal
|
CVE-2018-11137
|
2024-11-21 12:42 |
2018-06-1 |
|
248010
|
9.8 |
CRITICAL
Network
|
quest
|
kace_system_management_appliance
|
The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a …
|
CWE-89
SQL Injection
|
CVE-2018-11136
|
2024-11-21 12:42 |
2018-06-1 |
|