Lucene search
K

531 matches found

CVE
CVE
added 2009/10/22 5:0 p.m.55 views

CVE-2009-3759

CVE-2009-3759 concerns multiple CSRF vulnerabilities in the XenServer Resource Kit sample code used by Citrix XenCenterWeb. The issues allow remote attackers to hijack administrator authentication to trigger (1) password changes via config/changepw.php and (2) VM stopping via hardstopvm.php (stop...

8.8CVSS9.2AI score0.02289EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2009/10/22 5:0 p.m.44 views

CVE-2009-3758

CVE-2009-3758 is a SQL injection in login.php of the XenServer Resource Kit / XenCenterWeb. The vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter, as described in NVD/NIST and mirrored in multiple sources. Public exploit coverage is indicated by a ...

7.5CVSS8.4AI score0.01154EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2009/10/22 5:0 p.m.24 views

CVE-2009-3758

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

8.4AI score0.01154EPSS
Exploits1References7
Cvelist
Cvelist
added 2009/10/22 5:0 p.m.26 views

CVE-2009-3760

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...

7.2AI score0.02735EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2009/10/22 12:0 a.m.6 views

PT-2009-6003 · Citrix · Citrix Xencenterweb

Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb affected versions not specified Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...

8.8CVSS9.1AI score0.02289EPSS
Exploits1References9
securityvulns
securityvulns
added 2009/07/08 12:0 a.m.52 views

Citrix XenCenterWeb Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...

0.6AI score
Exploits0
NVD
NVD
added 2008/07/22 4:41 p.m.25 views

CVE-2008-3253

Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...

4.3CVSS5.7AI score0.01969EPSS
Exploits0References6
Prion
Prion
added 2008/07/22 4:41 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...

4.3CVSS6.1AI score0.01969EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2008/07/22 4:0 p.m.48 views

CVE-2008-3253

CVE-2008-3253 describes a cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces of Citrix XenServer family products (Express, Standard, Enterprise 4.1.0; Dell Edition 4.1.0; HP integrated XenServer 4.1.0). The vulnerability allows remote attackers to inject arbitrary web script o...

4.3CVSS5.7AI score0.01969EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/07/22 4:0 p.m.23 views

CVE-2008-3253

Cross-site scripting XSS vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition Express and Enterprise 4.1.0; and HP integrated Citrix XenServer Select and Enterprise 4.1.0 allows remote attackers to inject...

5.7AI score0.01969EPSS
Exploits0References6
seebug.org
seebug.org
added 2008/07/18 12:0 a.m.22 views

Citrix XenServer XenAPI HTTP接口跨站脚本漏洞

BUGTRAQ ID: 30265 Citrix XenServer产品线是一种企业级平台,通过灵活的聚合计算和存储资源对数据中心的服务器虚拟化进行管理。 XenServer的XenAPI HTTP接口存在跨站脚本漏洞,如果向XenServer发送了特制的URL的话,响应中会包含有未经正确转义的请求URL,导致在用户浏览器中执行客户端脚本。 Citrix XenServer 4.1 Citrix ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.citrix.com...

6.9AI score
Exploits0
Rows per page
Query Builder