CVE-2014-5362 – Landesk Management Suite 9.5 RFI / CSRF
https://notcve.org/view.php?id=CVE-2014-5362
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.

Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.

• http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
• http://www.securityfocus.com/archive/1/535286/100/1100/threaded
• http://www.securityfocus.com/bid/74190
• http://www.securitytracker.com/id/1032203
• CWE-20: Improper Input Validation

CVE-2014-5361 – Landesk Management Suite 9.5 RFI / CSRF
https://notcve.org/view.php?id=CVE-2014-5361
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.

Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.

• http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
• http://www.securityfocus.com/archive/1/535286/100/0/threaded
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-5360 – Landesk Management Suite 9.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-5360
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.

Landesk Management Suite version 9.5 suffers from a cross site scripting vulnerability.

• http://seclists.org/fulldisclosure/2015/Feb/6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-6195 – LANDesk Management Suite 8.80.1.1 - PXE TFTP Service Directory Traversal
https://notcve.org/view.php?id=CVE-2008-6195
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.

• https://www.exploit-db.com/exploits/31591
• http://community.landesk.com/support/docs/DOC-2659
• http://www.securityfocus.com/archive/1/490390/100/0/threaded
• http://www.securityfocus.com/bid/28577
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48852
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-2468
https://notcve.org/view.php?id=CVE-2008-2468
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.

• http://community.landesk.com/support/docs/DOC-3276
• http://dvlabs.tippingpoint.com/advisory/TPTI-08-06
• http://secunia.com/advisories/31888
• http://securityreason.com/securityalert/4269
• http://www.kb.cert.org/vuls/id/538011
• http://www.securityfocus.com/archive/1/496369/100/0/threaded
• http://www.securityfocus.com/bid/31193
• http://www.securitytracker.com/id?1020888
• http://www.vupen.com/english/advisories/2008/2588
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45154
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer