5 matches found
EUVD-2009-3732
Malware in sbrugna...
Sql injection
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for 1 requests that change the password via the username parameter to config/changepw.php or 2 stop a...
CVE-2009-3760
CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...
PT-2009-6003 · Citrix · Citrix Xencenterweb
Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb affected versions not specified Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...