Lucene search
+L

179 matches found

hackerone
hackerone
added 2020/05/14 11:37 a.m.117 views

Mail.ru: [my.games] Stored XSS via untrusted bucket

Domain, site, application -- https://my.games/ Details -- If you check page source of https://my.games, you can notice that site gets static files scripts, styles, images using following URL declaration: https://my.games/hotbox/mygames/frontend/v3-6-13/img/share/main.png mygames here is a name of...

6.7AI score
Exploits0
citrix
citrix
added 2020/04/06 12:0 a.m.10 views

Black screen at logon to MCS provisioned, ICa, RDP, and via console

User published image from App Layering. Published image worked normally, they were able to logon. The provisioned the machine via MCS. When they logon to the provisioned machine, they get a black screen. They are able to launch task manager and start a new task for Explorer. The desktop appears...

7.2AI score
Exploits0
hackerone
hackerone
added 2020/03/12 9:19 p.m.28 views

Mail.ru: MCS Graphite SSRF: internal network access

Blind SSRF in mcs.mail.ru via unpatched Graphite...

3.5AI score
Exploits0
citrix
citrix
added 2019/09/04 12:0 a.m.10 views

Collect a complete memory dump on a MCS (non-persistent) machine on XenServer (Citrix Hypervisor)

This article outlines the steps to collect complete memory dump on a MCS non-persistent machine on XenServer Citrix Hypervisor. Often we are not able to get the memory dump in instances where MCS provisioned VDAs show behaviors like unresponsiveness/hang. The reason being the machine fails to sav...

7AI score
Exploits0
osv
osv
added 2019/03/15 6:29 p.m.3 views

ALPINE-CVE-2018-20175

rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service segfault...

7.5CVSS6.7AI score0.04304EPSS
Exploits1References1
citrix
citrix
added 2019/02/05 12:0 a.m.6 views

Cannot create App Layering image for MCS in Azure, hangs during Windows Setup.

To deploy an MCS image to Azure, you decide to use the Azure connector in App Layering. This produces a virtual disk that is primed to run through Windows Setup. You attach it to a VM, power it on, and find that Windows Setup never completes. If you look at the console screen shot in the debuggin...

6.9AI score
Exploits0
citrix
citrix
added 2018/08/21 12:0 a.m.9 views

VDA BSOD With Message: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (CtxMcsWbc.sys)

Server VDAs from a machine catalog using the MCS I/O feature blue screen with message:SYSTEMTHREADEXCEPTIONNOTHANDLED CtxMcsWbc.sys...

7.1AI score
Exploits0
citrix
citrix
added 2018/08/16 12:0 a.m.8 views

VMWare VVOL Support With Citrix MCS and PVS

Use of VMware vSphere Virtual Volumes VMware vVOLs with CVAD MCS and PVS environments...

7.2AI score
Exploits0
citrix
citrix
added 2018/03/12 12:0 a.m.20 views

How to Sysprep PVS images before they are streamed to Target Devices.

Question: Is needed to run Sysprep on PVS images? Answer: It is not needed to run Sysprep on PVS/MCS images since they both have their own version/method built-in to Sysprep the images. Also, it is not recommended to run Sysprep on PVS or MCS machines since it is not needed...

7.1AI score
Exploits0
myhack58
myhack58
added 2017/06/05 12:0 a.m.227 views

NSA Arsenal: CVE-2017-9073 EsteemAudit analysis-vulnerability warning-the black bar safety net

In April, one named“shadow broker,”the organization publish a part of them from the NSA to steal the exploit tool, mainly for the windows operating system. One of the most famous is the ransomware WanaCryp0t use / exploit"EternalBlue"in. Another is the release to use the tool for the CVE-2017-907...

9.3CVSS1AI score
Exploits0
citrix
citrix
added 2017/03/14 12:0 a.m.8 views

Information : XenApp/XenDesktop Performance Counters

1. CitrixBrokerService 1. Application Cache Writes 2. Brokered Sessions 3. Database Avg. Transaction Time 4. Database Connected 5. Database Transaction Errors/sec 6. Database Transaction/sec 7. Deregistration Requests 8. Expired Launches/sec 9. Expired Registrations 10. Expired Registration/sec...

7AI score
Exploits0
citrix
citrix
added 2016/09/26 12:0 a.m.11 views

Reset the start count of MCS catalog after the catalog has already been created

...

7.2AI score
Exploits0
cve
cve
added 2015/08/19 2:0 p.m.44 views

CVE-2015-4297

Open redirect vulnerability (CVE-2015-4297) in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary sites via crafted HTTP request parameters, enabling phishing-like redirection. Multiple sources (CNVD/CVE records) confirm the issue and note t...

5.8CVSS7AI score0.01105EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2015/04/28 12:0 a.m.6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The numerous vulnerabilities of the mono-mcs package in the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

7.5CVSS5.4AI score0.0362EPSS
Exploits1References3Affected Software1
threatpost
threatpost
added 2015/04/09 10:57 a.m.16 views

Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...

6.5AI score
Exploits0References9
threatpost
threatpost
added 2015/03/23 9:4 p.m.9 views

CA Tied to Chinese Registrar Issued Unauthorized Google Certificates

Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for...

0.8AI score
Exploits0References7
oraclelinux
oraclelinux
added 2014/07/23 12:0 a.m.60 views

kernel security, bug fix, and enhancement update

3.10.0-123.4.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-123.4.2 - fs aio: fix plug memory disclosure and fix reqsactive accounting backport Jeff Moyer 1094604 1094605 CVE-2014-0206 - fs aio: plug memory disclosure and fix reqsactive accounting Mateusz Guzik 1094604 1094605 CVE-2014-0206...

7.2CVSS7.4AI score0.37233EPSS
Exploits26
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.73 views

Vulnerabilities within Mura CMS / Sitecore MCS / SmarterMail

These vulnerabilities allow for a complete take over giving full administrative access as well as remote shells on the servers that they are installed on. Each of these suffer from Insecure Direct Object Reference Vulnerabilities. Due to the details of the attack and screen shots, they can be fou...

2.1AI score
Exploits0
nvd
nvd
added 2013/05/04 3:24 a.m.30 views

CVE-2013-1232

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252...

5CVSS6.5AI score0.01186EPSS
Exploits1References1
prion
prion
added 2013/05/03 11:57 a.m.17 views

Default configuration

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629...

5CVSS7AI score0.01186EPSS
Exploits0References1
Rows per page
Query Builder