22 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-3730

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00969
Exploits: 1 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-3729

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.07645
Exploits: 1 | References: 8

seebug.org
added 2014/07/01 12:00 a.m., 41 views

citrix xencenterweb (xss/sql/rce) Multiple Vulnerabilities

No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...

AI score 7.1
Exploits: 0

NVD
added 2009/10/22 5:30 p.m., 12 views

CVE-2009-3757

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php;...

CVSS 4.3 | AI score 5.8 | EPSS 0.07645
Exploits: 1 | References: 7

Prion
added 2009/10/22 5:30 p.m., 16 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a...

CVSS 6 | AI score 8 | EPSS 0.01709
Exploits: 1 | References: 7

Prion
added 2009/10/22 5:30 p.m., 12 views

Code injection

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...

CVSS 7.5 | AI score 7.7 | EPSS 0.08382
Exploits: 1 | References: 6

Prion
added 2009/10/22 5:30 p.m., 11 views

SQL injection

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

CVSS 7.5 | AI score 9.1 | EPSS 0.00969
Exploits: 1 | References: 7

NVD
added 2009/10/22 5:30 p.m., 16 views

CVE-2009-3759

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a...

CVSS 8.8 | AI score 9.2 | EPSS 0.01709
Exploits: 1 | References: 7

Cvelist
added 2009/10/22 5:00 p.m., 23 views

CVE-2009-3759

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a...

AI score 9.3 | EPSS 0.01709
Exploits: 1 | References: 7

Cvelist
added 2009/10/22 5:00 p.m., 20 views

CVE-2009-3757

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php;...

AI score 5.8 | EPSS 0.07645
Exploits: 1 | References: 7

CVE
added 2009/10/22 5:00 p.m., 42 views

CVE-2009-3757

CVE-2009-3757 affects the XenServer Resource Kit sample code in Citrix XenCenterWeb. The vulnerability is multiple cross-site scripting (XSS) flaws in the web UI, exploitable through user-controlled input in PHP scripts: config/edituser.php (username), console.php (location, sessionid, vmname), f...

CVSS 4.3 | AI score 5.8 | EPSS 0.07645
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2009/10/22 5:00 p.m., 39 views

CVE-2009-3758

CVE-2009-3758 is a SQL injection in login.php of the XenServer Resource Kit / XenCenterWeb. The vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter, as described in NVD/NIST and mirrored in multiple sources. Public exploit coverage is indicated by a ...

CVSS 7.5 | AI score 8.4 | EPSS 0.00969
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2009/10/22 5:00 p.m., 43 views

CVE-2009-3760

CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...

CVSS 7.5 | AI score 7.2 | EPSS 0.08382
Exploits: 1 | References: 6 | Affected Software: 1

Positive Technologies
added 2009/10/22 12:00 a.m., 4 views

PT-2009-6003 · Citrix · Citrix Xencenterweb

Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb (affected versions not specified). Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...

CVSS 8.8 | AI score 9.1 | EPSS 0.01709
Exploits: 1 | References: 9

Check Point Advisories
added 2009/07/24 12:00 a.m., 1 views

Update Protection against Citrix XenCenterWeb Cross Site Scripting Vulnerabilities

Citrix XenCenterWeb is a web interface for Citrix XenServer environment management. Lack of sanitization in the username parameter may allow an attacker to access the Citrix XENCenter management console with javascript embedded in the username parameter...

AI score 6.8
Exploits: 0

exploitpack
added 2009/07/10 12:00 a.m., 26 views

citrix xencenterweb - Cross-Site Scripting SQL Injection Remote Code Execution

citrix xencenterweb - Cross-Site Scripting SQL Injection Remote Code Execution Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL:...

Exploits: 0

Exploit DB
added 2009/07/10 12:00 a.m., 54 views

citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution

Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero [email protected] - Claudio...

AI score 7.4
Exploits: 0

seebug.org
added 2009/07/10 12:00 a.m., 29 views

Citrix XenCenterWeb (XSS/SQL/RCE) Multiple Remote Vulnerabilities

No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...

AI score 7.1
Exploits: 0

0day.today
added 2009/07/10 12:00 a.m., 29 views

Citrix XenCenterWeb (XSS/SQL/RCE) Multiple Remote Vulnerabilities

Exploit for windows platform in category remote exploits. Citrix XenCenterWeb XSS/SQL/RCE Multiple Remote Vulnerabilities. Secure Network - Security Research Advisory...

AI score 7.1
Exploits: 0

seebug.org
added 2009/07/09 12:00 a.m., 19 views

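Citrix XenCenterWeb Multiple Input Validation Vulnerabilities

BUGTRAQ ID: 35592 Citrix XenCenterWeb is a web interface for managing Citrix XenServer environments. Multiple modules of XenCenterWeb do not properly validate user-supplied input; a remote attacker can carry out cross-site scripting, cross-site request forgery, SQL injection and code injection attacks by submitting malicious requests to the server. a) Cross-site scripting and cross-site request forgery: in the default PHP configuration (registerglobals=Off and magicquotesgpc=On), cross-site scripting and cross-site request forgery attacks can be carried out by submitting a malicious username parameter to the edituser.php script. b) SQL injection...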

AI score 6.9
Exploits: 0