CVE-2013-2136

Multiple cross-site scripting XSS vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Physical network name to the Zone wizard; 2 New network name, 3 instance name, or 4 group to the Instance wizard; 5 unspecified "multi-edit...

CVE-2013-2136

Apache CloudStack UI contains multiple cross-site scripting (XSS) vulnerabilities in versions up to 4.1.0, allowing authenticated/remote attackers to inject arbitrary script or HTML via fields in Zone, Network, Instance, global settings, and other UI inputs. The issue is fixed by upgrading to Clo...

Apache CloudStack多个跨站脚本漏洞

BUGTRAQ ID: 61638 CVECAN ID: CVE-2013-2136 Apache CloudStack是部署和管理大型虚拟机网络的开源软件。 Apache CloudStack 4.0.0-incubating, 4.0.1-incubating 4.0.2, 4.1.0的用户界面允许经过身份验证的用户对系统内的其他用户执行跨站脚本攻击。 0 Apache Group CloudStack 4.1.0 Apache Group CloudStack 4.0.2 Apache Group CloudStack 4.0.1-incubating Apache Group...

Apache CloudStack 身份验证绕过漏洞(CVE-2013-2756)

BUGTRAQ ID: 59463 CVECAN ID: CVE-2013-2756 Apache CloudStack是部署和管理大型虚拟机网络的开源软件。 Apache CloudStack 4.0.2之前版本存在安全绕过漏洞，熟悉Apache CloudStack源代码的攻击者可以未经授权访问另一个租户VM的控制台。 0 Apache Group CloudStack 4.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://httpd.apache.org/...

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...

Design/Logic Flaw

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...

Apache CloudStack本地信息泄露漏洞

BUGTRAQ ID: 57259 CVECAN ID: CVE-2012-5616 Apache CloudStack是部署和管理大型虚拟机网络的开源软件。 Apache CloudStack 4.0.0-incubating及其他版本存在安全漏洞，本地用户可利用此漏洞泄露敏感信息。 1） createSSHKeyPair API命令内存在错误，此命令将新建的SSH密钥存储在日志文件中，可造成密钥泄露。 2）AddHost API呼叫将某些信息记录在日志文件内，可造成泄露已添加主机的密码。 3）DeployVM和ResetPasswordForVM...

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

Code injection

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...

Apache Cloudstack default account

Default account with known password...