RSS   Vulnerabilities for 'Xencenterweb'   RSS

2009-10-22
 
CVE-2009-3760

 

 
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.

 
 
CVE-2009-3759

 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.

 
 
CVE-2009-3758

 

 
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

 
 
CVE-2009-3757

 

 
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Citrix 78 Products
Metaframe
Winframe
Nfuse
Ica client
Access essentials
Metaframe presentation server
Presentation server
Metaframe client
Program neighborhood agent
Metaframe password manager
Ica program neighborhood client
Metaframe secure access manager
Program neighborhood client
Access gateway
Presentation server client
Endpoint analysis client
Netscaler
Edgesight for endpoints
Edgesight for netscaler
Edgesight for presentation server
Web interface
Desktop server
Citrix presentation server
Xenserver
XP
XEN
Xenapp
Deterministic network enhancer
Broadcast server
Netscaler access gateway firmware
Secure gateway
Licensing
Xencenterweb
Online plug-in for mac
Online plug-in for windows
Receiver for iphone
Ica client for linux
Ica client for solaris
Online plug-in for mac for xenapp & xendesktop
Online plug-in for windows for xenapp & xendesktop
Receiver for windows mobile
Licensing administration console
Provisioning services
Cloudstack
Xendesktop
Netscaler access gateway
Xenclient xt
Cloudportal services manager
Netscaler application delivery controller
Netscaler application delivery controller firmware
Gotomeeting
Xenmobile device manager
Xenmobile device manager mdm
Sharefile mobile
Sharefile mobile for tablets
Vdi-in-a-box
Cloudplatform
Access gateway plug-in
Xenmobile
Netscaler gateway firmware
Command center
Netscaler service delivery appliance service vm
Xenmobile server
Netscaler gateway 11.0 firmware
Ios receiver
Worx home
Xenmobile mdx toolkit
Linux virtual delivery agent
License server
License server vpx
Receiver desktop
Netscaler sd-wan
Netscaler gateway
Application delivery controller firmware
Sd-wan
Sharefile
Receiver
Appdna


Copyright 2019, cxsecurity.com

 

Back to Top