CVE-2009-3760 – Citrix XenCenterWeb - Cross-Site Scripting / SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-3760
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
References:
https://www.exploit-db.com/exploits/9106
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
http://securitytracker.com/id?1022520
http://www.exploit-db.com/exploits/9106
http://www.securityfocus.com/archive/1/504764
http://www.securityfocus.com/bid/35592
http://www.vupen.com/english/advisories/2009/1814
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-3758 – Citrix XenCenterWeb - Cross-Site Scripting / SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-3758
SQL injection vulnerability in login.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
References:
https://www.exploit-db.com/exploits/9106
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
http://securitytracker.com/id?1022520
http://www.exploit-db.com/exploits/9106
http://www.securityfocus.com/archive/1/504764
http://www.securityfocus.com/bid/35592
http://www.vupen.com/english/advisories/2009/1814
https://exchange.xforce.ibmcloud.com/vulnerabilities/51574
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3759 – Citrix XenCenterWeb - Cross-Site Scripting / SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-3759
Multiple cross-site request forgery (CSRF) vulnerabilities in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) requests that stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
References:
https://www.exploit-db.com/exploits/9106
http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt
http://securitytracker.com/id?1022520
http://www.exploit-db.com/exploits/9106
http://www.securityfocus.com/archive/1/504764
http://www.securityfocus.com/bid/35592
http://www.vupen.com/english/advisories/2009/1814
https://exchange.xforce.ibmcloud.com/vulnerabilities/51576
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2009-2452
https://notcve.org/view.php?id=CVE-2009-2452
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."
References:
http://secunia.com/advisories/34937
http://support.citrix.com/article/CTX120742
http://www.securityfocus.com/bid/34759
CVE-2009-2453
https://notcve.org/view.php?id=CVE-2009-2453
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
References:
http://osvdb.org/53900
http://secunia.com/advisories/34865
http://support.citrix.com/article/CTX118792
http://www.securityfocus.com/bid/34691
http://www.securitytracker.com/id?1022114
http://www.vupen.com/english/advisories/2009/1154
CWE-264: Permissions, Privileges, and Access Controls