40 matches found
Apache VCL SQL Injection Vulnerability
Apache VCL is a set of open source cloud computing platform of the U.S. Apache Apache Software Foundation. A SQL injection vulnerability exists in Apache VCL versions 2.1 through 2.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
Sql injection
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
Design/Logic Flaw
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
Sql injection
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
CVE-2018-11772
The CVE-2018-11772 entry concerns Apache VCL versions 2.1–2.5 with an SQL injection caused by improper validation of cookie input used to determine the previously selected node in the privilege tree. The cookie data is incorporated into an SQL statement, enabling injection. Access to this VCL are...
CVE-2018-11772
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...
CVE-2018-11774
CVE-2018-11774 affects Apache VCL versions 2.1–2.5. The issue is improper validation of form input used in SQL statements when adding/removing VMs to hosts, enabling an SQL injection described as requiring admin-level access. A fix/upgrade is advised for versions earlier than 2.5.1. The available...
CVE-2018-11773
Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...
CVE-2018-11773
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...
CVE-2013-0267
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...
Cross site scripting
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...
CVE-2013-0267
CVE-2013-0267 affects Apache VCL: the Privileges portion of the web GUI and the XMLRPC API on VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2, and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or...
CVE-2013-0267
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...
Apache VCL improper input validation
CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion of...