19 matches found
EUVD-2013-2695
Malware in sbrugna...
EUVD-2013-2697
Malware in sbrugna...
EUVD-2013-2696
Malware in sbrugna...
Citrix CloudPlatform Detection
Binary data citrixcloudplatformmanagerdetect.nbin...
Citrix CloudPlatform Default Credentials
The remote Citrix CloudPlatform web administration interface uses a known set of default credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid79641; scriptversion"1.5";...
Citrix CloudPlatform Unauthorized Access Vulnerability (CTX140989)
Virtual routers created in Citrix CloudPlatform do not preserve the source restrictions in their firewall rules after being restarted. This allows a remote attacker to bypass the intended restrictions and access network resources after a virtual router has been restarted. %NASLMINLEVEL 70300 C...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2757
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
Code injection
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
Design/Logic Flaw
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2013-2757
Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors...
CVE-2013-2756
The CVE-2013-2756 issue affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) where Patch C for the respective lines allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2013-2758
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...
CVE-2013-2756
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...
Design/Logic Flaw
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...
CVE-2012-5616
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform formerly Citrix CloudStack before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain 1 the SSH private key as recorded by the createSSHKeyPair API, 2 the password of an added host as recorde...