|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3377 CVE : CVE-2007-6037 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : nnposter Published : 20.11.2007
Advisory Content : Citrix NetScaler Web Management XSS Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Citrix NetScaler contains a cross-site scripting vulnerability in the web management interface. None of the parameter values of /ws/generic_api_call.pl are sanitized before they get embedded in the HTML output. As an example, parameter "standalone" can be exploited as follows: http://(target)/ws/generic_api_call.pl?function=statns&standalone=%3c/sc ript%3e%3cscript%3ealert(document.cookie)%3c/script%3e%3cscript%3e The vulnerability has been identified in version 8.0, build 47.8. However, other versions may be also affected. Solution: Do not stay logged into the NetScaler web management interface while browsing other web sites. Found by: nnposter  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |