16 matches found
EUVD-2009-3729
Malware in sbrugna...
EUVD-2009-3730
Malware in sbrugna...
citrix xencenterweb (xss/sql/rce) Multiple Vulnerabilities
No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...
Sql injection
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for 1 requests that change the password via the username parameter to config/changepw.php or 2 stop a...
Code injection
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...
CVE-2009-3759
Multiple cross-site request forgery CSRF vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for 1 requests that change the password via the username parameter to config/changepw.php or 2 stop a...
CVE-2009-3760
CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...
PT-2009-6003 · Citrix · Citrix Xencenterweb
Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb affected versions not specified Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...
citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...
Citrix XenCenterWeb (XSS/SQL/RCE) Multiple Remote Vulnerabilities
No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...
Citrix XenCenterWeb (XSS/SQL/RCE) Multiple Remote Vulnerabilities
Exploit for windows platform in category remote exploits ================================================================= Citrix XenCenterWeb XSS/SQL/RCE Multiple Remote Vulnerabilities ================================================================= Secure Network - Security Research Advisory...
citrix xencenterweb - Cross-Site Scripting SQL Injection Remote Code Execution
citrix xencenterweb - Cross-Site Scripting SQL Injection Remote Code Execution Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL:...
Citrix XenCenterWeb多个输入验证漏洞
BUGTRAQ ID: 35592 Citrix XenCenterWeb是用于管理Citrix XenServer环境的web界面。 XenCenterWeb的多个模块没有正确的验证用户所提供的输入,远程攻击者可以通过向服务器提交恶意请求执行跨站脚本、跨站请求伪造、SQL注入和代码注入等攻击。 a 跨站脚本和跨站请求伪造 在默认的PHP配置中(registerglobals=Off且magicquotesgpc=On),可以通过向edituser.php脚本提交恶意的username参数执行跨站脚本和跨站请求伪造攻击。 b SQL注入...
Citrix XenCenterWeb Multiple Vulnerabilities
Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...
Citrix XenCenterWeb XSS / XSRF / SQL Injection
Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...