179 matches found
Mail.ru: [my.games] Stored XSS via untrusted bucket
Domain, site, application -- https://my.games/ Details -- If you check page source of https://my.games, you can notice that site gets static files scripts, styles, images using following URL declaration: https://my.games/hotbox/mygames/frontend/v3-6-13/img/share/main.png mygames here is a name of...
Black screen at logon to MCS provisioned, ICa, RDP, and via console
User published image from App Layering. Published image worked normally, they were able to logon. The provisioned the machine via MCS. When they logon to the provisioned machine, they get a black screen. They are able to launch task manager and start a new task for Explorer. The desktop appears...
Mail.ru: MCS Graphite SSRF: internal network access
Blind SSRF in mcs.mail.ru via unpatched Graphite...
Collect a complete memory dump on a MCS (non-persistent) machine on XenServer (Citrix Hypervisor)
This article outlines the steps to collect complete memory dump on a MCS non-persistent machine on XenServer Citrix Hypervisor. Often we are not able to get the memory dump in instances where MCS provisioned VDAs show behaviors like unresponsiveness/hang. The reason being the machine fails to sav...
ALPINE-CVE-2018-20175
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service segfault...
Cannot create App Layering image for MCS in Azure, hangs during Windows Setup.
To deploy an MCS image to Azure, you decide to use the Azure connector in App Layering. This produces a virtual disk that is primed to run through Windows Setup. You attach it to a VM, power it on, and find that Windows Setup never completes. If you look at the console screen shot in the debuggin...
VDA BSOD With Message: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (CtxMcsWbc.sys)
Server VDAs from a machine catalog using the MCS I/O feature blue screen with message:SYSTEMTHREADEXCEPTIONNOTHANDLED CtxMcsWbc.sys...
VMWare VVOL Support With Citrix MCS and PVS
Use of VMware vSphere Virtual Volumes VMware vVOLs with CVAD MCS and PVS environments...
How to Sysprep PVS images before they are streamed to Target Devices.
Question: Is needed to run Sysprep on PVS images? Answer: It is not needed to run Sysprep on PVS/MCS images since they both have their own version/method built-in to Sysprep the images. Also, it is not recommended to run Sysprep on PVS or MCS machines since it is not needed...
NSA Arsenal: CVE-2017-9073 EsteemAudit analysis-vulnerability warning-the black bar safety net
In April, one named“shadow broker,”the organization publish a part of them from the NSA to steal the exploit tool, mainly for the windows operating system. One of the most famous is the ransomware WanaCryp0t use / exploit"EternalBlue"in. Another is the release to use the tool for the CVE-2017-907...
Information : XenApp/XenDesktop Performance Counters
1. CitrixBrokerService 1. Application Cache Writes 2. Brokered Sessions 3. Database Avg. Transaction Time 4. Database Connected 5. Database Transaction Errors/sec 6. Database Transaction/sec 7. Deregistration Requests 8. Expired Launches/sec 9. Expired Registrations 10. Expired Registration/sec...
Reset the start count of MCS catalog after the catalog has already been created
...
CVE-2015-4297
Open redirect vulnerability (CVE-2015-4297) in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary sites via crafted HTTP request parameters, enabling phishing-like redirection. Multiple sources (CNVD/CVE records) confirm the issue and note t...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The numerous vulnerabilities of the mono-mcs package in the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...
CA Tied to Chinese Registrar Issued Unauthorized Google Certificates
Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for...
kernel security, bug fix, and enhancement update
3.10.0-123.4.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.4.2 - fs aio: fix plug memory disclosure and fix reqsactive accounting backport Jeff Moyer 1094604 1094605 CVE-2014-0206 - fs aio: plug memory disclosure and fix reqsactive accounting Mateusz Guzik 1094604 1094605 CVE-2014-0206...
Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail
These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...
CVE-2013-1232
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252...
Default configuration
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629...