bug-bounty621
facebook427
xss316
google100
rce99
csrf60
microsoft56
web354
account-takeover53
writeup50
sqli41
apple38
ssrf34
cve33
exploit32
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
reverse-engineering15
race-condition15
cloud15
authentication-bypass14
solidity14
oauth12
info-disclosure12
aws12
browser11
phishing11
sql-injection11
delegatecall11
denial-of-service11
web-application-security10
web-security9
token-theft9
vulnerability9
responsible-disclosure9
0
vulnerability
An unauthenticated remote code execution vulnerability in Dell KACE K1000 Systems Management Appliance (version 6.3.113397 and earlier) exists in the /service/krashrpt.php endpoint, which fails to properly sanitize the kuid and name parameters before passing them to shell commands, allowing arbitrary code execution on the appliance and potentially all managed client endpoints. The vulnerability was silently patched by Dell in version 6.4 SP3 (6.4.120822) under bug ID K1-18652.
remote-code-execution
unauthenticated-rce
path-traversal
command-injection
bug-bounty
dell-kace
systems-management
php
vulnerability-disclosure
silent-patch
CVE-2019-XXXX
K1-18652
Dell KACE K1000
Quest Software Inc
Julien Ahrens
Dropbox
H1-3120