CVE-2021-37350 : Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input …
Tag: Information technology management
Zabbix 5.x SQL Injection / Cross Site Scripting – Torchsec: torchsecuritynet
Obewyn2h. Zabbix 5.x SQL Injection / Cross Site Scripting – Torchsec. torchsec.net. 1. Comment Share. 0 Comments sorted byBest. Log in or sign up …
Related:
New post from (Zabbix 5.x SQL Injection / Cross Site Scripting) has been publis… – Bug Bounty Tips
New post from (Zabbix 5.x SQL Injection / Cross Site Scripting) has been publis… Tarang Parmar July 26, 2021. Posted by https://t.co/5izwsomN8w …
Related:
Citrix SSL Forward proxy’s Default authorization is to ALLOW ANY instead of DENY ANY
As per current design the DEFAULT Authorization of Citrix SSL Forward proxy is ALLOW ANY instead of DENY ANY. Hence, filed an Enhancement request with Citrix Development team.
While Citrix Development team is working on an enhancement request to make the DEFAULT Authorization as DENY ANY, We have a workaround as shown in the below configuration snippet to achieve the same requirement (i.e Default DENY ANY)
Sample Configuration Snippet:
———————————————-
The below configuration will take care of all requests that come in with a port value in the URL or HOST Header and Deny the access if the destination ports are not with :443 or :80
NOTE: Like port :443 or :80 mentioned in the below patset, You can also add the “ : <port number>“ in patset which is required to be allowed via Citrix ADC Proxy.
> add patset allowed_ports
> bind policy patset allowed_ports “:443”
> bind policy patset allowed_ports “:80”
>add responder policy web only ‘(HTTP.REQ.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT) || (HTTP.REQ.URL.HOSTNAME.PORT.LENGTH.GT(1) && HTTP.REQ.URL.HOSTNAME.PORT.EQUALS_ANY(“allowed_ports”).NOT)’ RESET
> bind cs vs SSL-FORWARDPROXY Vserver -policyname web_only -priority 10
Related:
Update version release to replace Citrix ADC VPX 12.1-55.18 – Citrix Service Provider program
This article describes the release of solution build 12.1-55.237.
Solution
In accordance with license server certificate renewal, new build version of Citrix ADC* VPX (CSP) is released.
This build 12.1-55.237 is based on existing 12.1-55.18. Only license communication part is updated and other features are unchanged.
*) Former Netscaler
Applicable Products
Citrix ADC VPX 10 – Standard Edition for Service Providers
Citrix ADC VPX 50 – Standard Edition for Service Providers
Citrix ADC VPX 200 – Standard Edition for Service Providers
Citrix ADC VPX 1000 – Standard Edition for Service Providers
Citrix ADC VPX 3000 – Standard Edition for Service Providers
Related:
Nagios Xi Sql Password
SQL injection vulnerability in Nagios XI before 5. Some of the common reasons that make us unable to login to the Nagios XI web interface include: …
Related:
FIPS Appliance Error “Enabling of TLSv1.1/1.2 is not supported on this entity/platform”
Citrix Secure Web Gateway, formerly NetScaler Secure Web Gateway
1- From GUI or CLI, when trying to enable TLSv1.1 and TLSv1.2 getting error “Enabling of TLSv1.1/1.2 is not supported on this entity/platform”
Related:
Customer Relationship Management (CRM) System 1.0 SQL Injection ≈ Packet Storm
Customer Relationship Management (CRM) System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Related:
CVE-2021-28925 SQL injection vulnerability in Nagios Network A… – Vulmon
SQL injection vulnerability in Nagios Network Analyzer prior to 2.4.3 via the o[col] parameter to api/checks/read/.
Related:
Error: “Certificate with key size greater than RSA512 or DSA512 bits not supported” on NetScaler
To resolve this issue, apply any or both of the following resolutions, as required:
-
Allocate or reallocate the correct license with correct Host ID/HostName to the NetScaler appliance. For assistance in allocating proper license, see CTX122426 – Citrix NetScaler VPX and CloudBridge VPX Licensing Guide and CTX121062 – How to License NetScaler Appliances Using Manage Licenses Tool.
Note: Perform a complete reboot instead of just a warm reboot of the appliance. -
Verify whether the installed NetScaler version license is compatible. If not install the correct license on the appliance.
After applying the required resolution, the additional ciphers are available and you can add a certificate that has a key size greater than 512 bits. The NetScaler appliance supports certificates with key size 512, 1024, 2048, and 4096 bits.