Showing 1 - 1 of 1

CVE-2018-11139

Status Candidate

Overview

The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.

Related Files

Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection: Posted May 31, 2018; Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com; Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.; tags | exploit, remote, vulnerability, code execution, xss, sql injection; advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142; SHA-256 | fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2018-11139

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems