5 matches found
LANDesk Management Gateway 'gsb/drivers.php'代码注入漏洞
No description provided by source. 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted:...
LANDesk管理套件HTML表单请求命令注入漏洞
BUGTRAQ ID: 44781 CVE ID: CVE-2010-2892 Landesk管理套件是一款网络管理系统,可控制桌面,服务器和移动设备等。 Landesk没有正确地验证提交特制请求的用户来源。如果管理员使用攻击者的浏览器登录到了设备,攻击者就可以以gsbadmin用户权限执行任意代码。 LANDesk Software LANDesk Management Gateway 4.2 GSBWEB v1.61 LANDesk Software LANDesk Management Gateway 4.0 GSBWEB v1.61s 临时解决方法: 1...
CVE-2010-2892
The CVE-2010-2892 vulnerability affects LANDesk Management Gateway 4.0 (GSBWEB v1.61s) and 4.2 (GSBWEB v1.61), where the gsb/drivers.php component processes the DRIVES parameter without proper validation. This allows remote authenticated administrators to execute arbitrary commands via shell meta...
Landesk - OS command Injection
Landesk - OS command Injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted: LANDesk...
Landesk - OS command Injection
Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted: LANDesk Release mode: Coordinated...