531 matches found
CVE-2009-3759
CVE-2009-3759 concerns multiple CSRF vulnerabilities in the XenServer Resource Kit sample code used by Citrix XenCenterWeb. The issues allow remote attackers to hijack administrator authentication to trigger (1) password changes via config/changepw.php and (2) VM stopping via hardstopvm.php (stop...
CVE-2009-3758
CVE-2009-3758 is a SQL injection in login.php of the XenServer Resource Kit / XenCenterWeb. The vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter, as described in NVD/NIST and mirrored in multiple sources. Public exploit coverage is indicated by a ...
CVE-2009-3758
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-3760
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...
PT-2009-6003 · Citrix · Citrix Xencenterweb
Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb affected versions not specified Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...
Citrix XenCenterWeb Multiple Vulnerabilities
Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...
CVE-2008-3253
Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...
Cross site scripting
Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...
CVE-2008-3253
CVE-2008-3253 describes a cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces of Citrix XenServer family products (Express, Standard, Enterprise 4.1.0; Dell Edition 4.1.0; HP integrated XenServer 4.1.0). The vulnerability allows remote attackers to inject arbitrary web script o...
CVE-2008-3253
Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...
Citrix XenServer XenAPI HTTP接口跨站脚本漏洞
BUGTRAQ ID: 30265 Citrix XenServer产品线是一种企业级平台,通过灵活的聚合计算和存储资源对数据中心的服务器虚拟化进行管理。 XenServer的XenAPI HTTP接口存在跨站脚本漏洞,如果向XenServer发送了特制的URL的话,响应中会包含有未经正确转义的请求URL,导致在用户浏览器中执行客户端脚本。 Citrix XenServer 4.1 Citrix ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.citrix.com...