CVE-2016-9028
https://notcve.org/view.php?id=CVE-2016-9028
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. Vulnerabilidad de redirección no autorizada en Citrix NetScaler ADC en versiones anteriores a 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F y 11.1 47.14 permite a un atacante remoto robar las cookies de sesión de un usuario legítimo AAA a través de manipulación del cabecero del Host. • http://www.securityfocus.com/bid/93947 http://www.securitytracker.com/id/1037175 https://support.citrix.com/article/CTX218361 • CWE-254: 7PK - Security Features •
CVE-2016-2072
https://notcve.org/view.php?id=CVE-2016-2072
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. La Administrative Web Interface en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13, 10.5.e en versiones anteriores a Build 59.1305.e y 10.1 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://support.citrix.com/article/CTX206001 http://www.securitytracker.com/id/1035098 • CWE-254: 7PK - Security Features •
CVE-2016-2071
https://notcve.org/view.php?id=CVE-2016-2071
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13 y 10.5.e en versiones anteriores a Build 59.1305.e permite a atacantes remotos obtener privilegios a través de comandos NS Web GUI no especificados. • http://support.citrix.com/article/CTX206001 http://www.securitytracker.com/id/1035098 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7997
https://notcve.org/view.php?id=CVE-2015-7997
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7998
https://notcve.org/view.php?id=CVE-2015-7998
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. La IU de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener información sensible a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •