CVE-2016-3147
https://notcve.org/view.php?id=CVE-2016-3147
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
• http://www.securityfocus.com/bid/93565
• https://www.securifera.com/advisories/cve-2016-3147
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-5362 – Landesk Management Suite 9.5 RFI / CSRF
https://notcve.org/view.php?id=CVE-2014-5362
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.
• http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
• http://www.securityfocus.com/archive/1/535286/100/1100/threaded
• http://www.securityfocus.com/bid/74190
• http://www.securitytracker.com/id/1032203
• CWE-20: Improper Input Validation
CVE-2014-5361 – Landesk Management Suite 9.5 RFI / CSRF
https://notcve.org/view.php?id=CVE-2014-5361
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx. Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.
• http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
• http://www.securityfocus.com/archive/1/535286/100/0/threaded
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-5360 – Landesk Management Suite 9.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-5360
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. Landesk Management Suite version 9.5 suffers from a cross site scripting vulnerability.
• http://seclists.org/fulldisclosure/2015/Feb/6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6195 – LANDesk Management Suite 8.80.1.1 - PXE TFTP Service Directory Traversal
https://notcve.org/view.php?id=CVE-2008-6195
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.
• https://www.exploit-db.com/exploits/31591
• http://community.landesk.com/support/docs/DOC-2659
• http://www.securityfocus.com/archive/1/490390/100/0/threaded
• http://www.securityfocus.com/bid/28577
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48852
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')