12 matches found
SQL injection
LDMS/alertlog.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request...
Ivanti Endpoint Manager Cross-Site Scripting Vulnerability
Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager version 2020.1.1 and prior versions that originates in /LDMS/frmsplitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frmsplitcollapse.aspx, /LDMS...
CVE-2019-12375
Open directories in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution...
CVE-2019-12376
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...
Remote code execution
A vulnerable upl/asyncupload.asp web API endpoint in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution...
CVE-2019-12373
CVE-2019-12373 affects Ivanti LANDESK Management Suite (LDMS/Endpoint Manager) 10.0.1.168 Service Update 5. The cited issue is improper access control and open directories that may enable remote disclosure of administrator passwords. Root cause described as improper access control with exposed di...
CVE-2019-12374
The CVE-2019-12374 entry describes a SQL Injection in Ivanti LANDESK Management Suite (LDMS/Endpoint Manager) version 10.0.1.168 Service Update 5, caused by improper username sanitization in the Basic Authentication path: core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...
CVE-2019-12375
Ivanti LANDESK Management Suite (LDMS / Endpoint Manager) 10.0.1.168 Service Update 5 is affected. The CVE notes an open-directory issue that could enable remote information disclosure and arbitrary code execution. The connected Red Hat and CNVD entries corroborate the affected product/version bu...
CVE-2019-12376
The CVE-2019-12376 entry concerns Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5, where a hard-coded encryption key is implicated. Red Hat and NVD records corroborate the description of a potential full compromise of managed endpoints by an authenticated ...
CVE-2008-6195
Directory traversal vulnerability in the PXE TFTP Service PXEMTFTP.exe in LANDesk Management Suite LDMS 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643...
CVE-2008-6195
CVE-2008-6195: A directory traversal in LANDesk Management Suite (LDMS) PXE TFTP Service (PXEMTFTP.exe) allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences. Affected product is LDMS 8.80.1.1 and earlier. The issue targets the PXE TFTP Service and resul...
CVE-2008-1643
CVE-2008-1643 describes a directory traversal vulnerability in LANDesk Management Suite (LDMS)’s PXE TFTP Service (PXEMTFTP.exe). Affected versions are LDMS 8.7 SP5 and earlier and 8.8. The flaw allows remote attackers to read arbitrary files via unspecified vectors in the PXE TFTP service. The a...