2 matches found
LANDesk管理网关工具跨站脚本和跨站请求伪造漏洞
BUGTRAQ ID: 38119 CVE ID: CVE-2010-0368,CVE-2010-0369 LANDesK管理网关工具是安全的系统管理套件。 Landesk管理网关工具没有充分验证提交特制请求的用户,当Web应用接收到删除之前所生成备份的请求时,会由 gsb/BackupRestoreTab.php处理该请求: /----- 19 $cmd = "sudo /subin/backuptool --delete $POST'delBackupName'"; 20 exec$cmd; 21 $msg = "Successfully Removed:...
LANDesk command injection
Advisory ID Internal CORE-2010-0104 1. Advisory Information Title: LANDesk command injection Advisory Id: CORE-2010-0104 Date published: 2010-02-04 Date of last update: 2010-02-04 Vendors contacted: LANDesk Team Release mode: Coordinated release 2. Vulnerability Information Class: Cross site...