Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability
# 1  
Old 02-25-2008
S-194: Citrix MetaFrame Web Manager 'login.asp' Vulnerability
Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Web Development

ASP.NET 5 Application on Centos OS7 Web Hosting Server

Hi All, Frankly I'm new to Linux Environment. While we are trying to Host an ASP.NET 5 Web Application on Centos OS7 Web hosting Server. There were couple of steps which we are supposed to go through, please see this link - We are stuck at Create a Container & then Running the Container,... (1 Reply)
Discussion started by: John Fredric
1 Replies

2. Cybersecurity

APACHE: Tie in Web Page login with server login

Hello, I have created a web page on a server using apache and added .htaccess and .htpasswd in the folder for authentification. I was wondering if there was anyway to tie-in the login for this page with the login used to logon to the server. i.e. the same login info. is used for both, when... (1 Reply)
Discussion started by: WhotheWhat
1 Replies

3. Solaris

How to install citrix metaframe server in Solairs 9 and 10,

How to install citrix metaframe server in Solairs 9 and 10, Plese help me if anybody having instllation procedure. your help greatly appreciated. Thanks & Regards Durgaprasad (0 Replies)
Discussion started by: durgaprasadr13
0 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

ftpusers

ftpusers(4)							   File Formats 						       ftpusers(4)

NAME

       ftpusers - file listing users to be disallowed ftp login privileges

SYNOPSIS

       /etc/ftpd/ftpusers

DESCRIPTION

       The ftpusers file lists users for whom ftp login privileges are disallowed. Each ftpuser entry is a single line of the form:

	 name

       where name is the user's login name.

       The FTP Server, in.ftpd(1M), reads the ftpusers file. If the login name of the user matches one of the entries listed, it rejects the login
       attempt.

       The ftpusers file has the following default configuration entries:

	 root
	 daemon
	 bin
	 sys
	 adm
	 lp
	 uccp
	 nuucp
	 smmsp
	 listen
	 nobody
	 noaccess
	 nobody4

       These entries match the default instantiated entries from passwd(4). The list of default entries typically contains the superuser root  and
       other administrative and system application identities.

       The  root entry is included in the ftpusers file as a security measure since the default policy is to disallow remote logins for this iden-
       tity. This policy is also set in the default value of the CONSOLE entry in the /etc/default/login file. See login(1).  If  you  allow  root
       login  privileges  by  deleting the root entry in ftpusers, you should also modify the security policy in /etc/default/login to reflect the
       site security policy for remote login access by root.

       Other default entries are administrative identities that are typically assumed by system applications but never used for  local	or  remote
       login,  for  example sys and nobody. Since these entries do not have a valid password field instantiated in shadow(4), no login can be per-
       formed.

       If a site adds similar administrative or system application identities in passwd(4) and shadow(4), for example, majordomo, the site  should
       consider including them in the ftpusers file for a consistent security policy.

       Lines that begin with # are treated as comment lines and are ignored.

FILES

       /etc/ftpd/ftpusers    A file that lists users for whom ftp login privileges are disallowed.

       /etc/ftpusers	     See /etc/ftpd/ftpusers. This file is deprecated, although its use is still supported.

       /etc/default/login

       /etc/passwd	     password file

       /etc/shadow	     shadow password file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWftpr			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below.		   |
       +-----------------------------+-----------------------------+

       The interface stability for /etc/ftpd/ftpusers is Volatile. The interface stability for /etc/ftpusers is (Obsolete).

SEE ALSO

       login(1), in.ftpd(1M), ftpaccess(4), ftphosts(4), passwd(4), shadow(4), attributes(5), environ(5)

SunOS 5.11							    1 May 2003							       ftpusers(4)