exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Aureliano Calvo

Core Security Technologies Advisory 2010.1018

Posted Nov 11, 2010

Authored by Core Security Technologies, Aureliano Calvo | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: The Landesk web application does not sufficiently verify if a well-formed request was provided by the user who submitted the request. Using this information an external remote attacker can run arbitrary code using the 'gsbadmin' user (that is the user running the web-server). In order to be able to successfully make the attack, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting a XSS in a different tab in the browser).

tags | exploit, remote, web, arbitrary

advisories | CVE-2010-2892

SHA-256 | 3dc2b0c9c31c4becfd753be92f87f46eef1496e094193a2f7775f7b49bd1734b

Download | Favorite | View

Core Security Technologies Advisory 2010.0104

Posted Feb 6, 2010

Authored by Core Security Technologies, Adrian Manrique, Aureliano Calvo | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.

tags | exploit, remote, arbitrary, kernel, root, csrf

advisories | CVE-2010-0368, CVE-2010-0369

SHA-256 | 503f2b9ce130e8c9fd7df36be1f7004846c5609f67a25cc3666a370cdbd97a49

Download | Favorite | View