| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 19296<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 's', 'x', 'n' and 'm' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-08-20 | Land Down Under (LDU) forums.php Multiple Parameter SQL Injection |
| 19299<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-08-29 | Land Down Under (LDU) index.php c Parameter SQL Injection |
| 19297<br>Description: Land Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'c', 'm' and 'w' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-08-20 | Land Down Under (LDU) index.php Multiple Parameter XSS |
| 33344<br>Description: (Description Provided by CVE) : SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | 2006-12-29 | Land Down Under (LDU) journal.inc.php w Parameter SQL Injection |
| 19293<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'journal.php' script not properly sanitizing user-supplied input to the 'm' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-08-20 | Land Down Under (LDU) journal.php m Parameter SQL Injection |
| 19295<br>Description: Land Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-08-20 | Land Down Under (LDU) journal.php w Parameter XSS |
| 19292<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'links.php' script not properly sanitizing user-supplied input to the 'w' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-08-20 | Land Down Under (LDU) links.php w Parameter SQL Injection |
| 19294<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'list.php' script not properly sanitizing user-supplied input to the 'o', 'w', 's', 'p' and 'c' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-08-20 | Land Down Under (LDU) list.php Multiple Parameter SQL Injection |
| 19505<br>Description: Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'plug.php' script not properly sanitizing user-supplied input to the 'e' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-09-13 | Land Down Under (LDU) plug.php e Parameter SQL Injection |
| 11302<br>Description: Land Down Under contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "h" variable in the plug.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries. | 2004-10-30 | Land Down Under (LDU) plug.php h Parameter SQL Injection |
| 31433<br>Description: (Description Provided by CVE) : plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message. | 2006-04-27 | Land Down Under (LDU) plug.php Multiple Variable Path Disclosure |
| 32036<br>Description: (Description Provided by CVE) : SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2006-11-30 | Land Down Under (LDU) polls.php id Parameter SQL Injection |
| 19585<br>Description: Land Down Under contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified scripts not properly sanitizing user-supplied input to the 'Referer' HTTP header. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2005-09-21 | Land Down Under (LDU) Referer HTTP Header SQL Injection |
| 19298<br>Description: Land Down Under contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user signatures for arbitrary web script or HTML. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2005-08-28 | Land Down Under (LDU) User Signature XSS |
| 31953<br>Description: (Description Provided by CVE) : SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). | 2006-11-21 | Land Down Under (LDU) users.php id Parameter SQL Injection |
| 11299<br>Description: Land Down Under contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "s", "w" and "d" variables in the users.php module are not verified properly and will allow an attacker to inject or manipulate SQL queries. | 2004-10-30 | Land Down Under (LDU) users.php Multiple Parameter SQL Injection |
| 3222<br>Description: LANDesk Software contains a flaw that may allow a malicious user to execute code on a vulnerable host. The issue is triggered when a web page contains a call to the vulnerable ActiveX control along with a malicious argument. It is possible that the flaw may allow the attacker to execute arbitrary code on the vulnerable host with privileges of the browser user, resulting in a loss of confidentiality, integrity, and/or availability. | 2003-12-27 | LANDesk ircrboot.dll Overflow |
| 62136<br>Description: LANDesk Management Gateway contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as injecting and executing arbitrary shell commands. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2010-02-03 | LANDesk Management Gateway Arbitrary Shell Command Execution CSRF |
| 69251<br>Description: LANDesk Management Gateway contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions in the gsb/drivers.php script involving shell metacharacters in the 'DRIVES' parameter. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2010-11-10 | LANDesk Management Gateway gsb/drivers.php DRIVES Parameter Shell Metacharacter Arbitrary Command Execution |
| 62137<br>Description: LANDesk Management Gateway contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate an unspecified parameter upon submission to an unspecified script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-02-03 | LANDesk Management Gateway Unspecified XSS |
| 34964<br>Description: A buffer overflow exists in LANDesk Management Suite. The Alert Service fails to validate data received on UDP port 65535 resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. | 2007-04-13 | LANDesk Management Suite Alert Service (aolnsrvr.exe) Remote Overflow |
| 54671<br>Description: (Description Provided by CVE) : Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643. | 2008-04-01 | LANDesk Management Suite PXE TFTP Service (PXEMTFTP.exe) Traversal Arbitrary File Access |
| 43982<br>Description: (Description Provided by CVE) : Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | 2008-03-31 | LANDesk Management Suite PXE TFTP Service Traversal Arbitrary File Access |
| 58010<br>Description: Unknown / Incomplete | 2009-05-11 | LANDesk Management Suite Unspecified Remote Pre-authentication Issue (1) |
| 58011<br>Description: Unknown / Incomplete | 2009-05-11 | LANDesk Management Suite Unspecified Remote Pre-authentication Issue (2) |
| 48123<br>Description: (Description Provided by CVE) : Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments. | 2008-09-12 | LANDesk Multiple Products QIP Server Service (qipsrvr.exe) Heal Request Packet Handling Overflow |
| 10964<br>Description: Unknown / Incomplete | 2004-10-19 | LANDesk Remote Desktop Port idsintkm.dll DoS |
| 21434<br>Description: LandShop contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker inserts arbitrary data into the 'lang' variable in the 'ls.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. | 2005-12-05 | LandShop ls.php lang Variable Path Disclosure |
| 21433<br>Description: LandShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'ls.php' script not properly sanitizing user-supplied input to the 'search_order', 'search_type', 'keyword', and 'search_area' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. | 2005-12-05 | LandShop ls.php Multiple Parameter SQL Injection |
| 30277<br>Description: (Description Provided by CVE) : SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018. | 2006-11-09 | LandShop ls.php Multiple Parameter SQL Injection |