19 matches found
EUVD-2013-2695
Malware in sbrugna...
EUVD-2013-2696
Malware in sbrugna...
EUVD-2013-2697
Malware in sbrugna...
Citrix CloudPlatform Detection
Binary data citrixcloudplatformmanagerdetect.nbin...
Citrix CloudPlatform Unauthorized Access Vulnerability (CTX140989)
Virtual routers created in Citrix CloudPlatform do not preserve the source restrictions in their firewall rules after being restarted. This allows a remote attacker to bypass the intended restrictions and access network resources after a virtual router has been restarted. %NASLMINLEVEL 70300 C...
Citrix CloudPlatform Default Credentials
The remote Citrix CloudPlatform web administration interface uses a known set of default credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid79641; scriptversion"1.5";...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2757
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
Code injection
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
Design/Logic Flaw
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2757
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2013-2756
The CVE-2013-2756 issue affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) where Patch C for the respective lines allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...
Design/Logic Flaw
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...