CVE-2009-2214
https://notcve.org/view.php?id=CVE-2009-2214
The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.
• http://secunia.com/advisories/35503
  http://support.citrix.com/article/CTX121172
  http://www.securityfocus.com/bid/35421
  http://www.securitytracker.com/id?1022420
  http://www.vupen.com/english/advisories/2009/1633
  https://exchange.xforce.ibmcloud.com/vulnerabilities/51216
• CWE-399: Resource Management Errors

CVE-2008-5882
https://notcve.org/view.php?id=CVE-2008-5882
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
• http://secunia.com/advisories/33127
  http://securityreason.com/securityalert/4889
  http://support.citrix.com/article/CTX119315
  http://www.securityfocus.com/archive/1/499559/100/0/threaded
  http://www.securityfocus.com/bid/32832
  http://www.securitytracker.com/id?1021411
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-2528
https://notcve.org/view.php?id=CVE-2008-2528
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.
• http://secunia.com/advisories/30175
  http://support.citrix.com/article/CTX116930
  http://www.securityfocus.com/bid/29174
  http://www.securitytracker.com/id?1020025
  http://www.vupen.com/english/advisories/2008/1474/references
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42356
• CWE-287: Improper Authentication

CVE-2007-0011
https://notcve.org/view.php?id=CVE-2007-0011
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
• http://osvdb.org/45288
  http://secunia.com/advisories/26143
  http://securitytracker.com/id?1018435
  http://support.citrix.com/article/CTX112803
  http://support.citrix.com/article/CTX113814
  http://www.securityfocus.com/archive/1/482626/100/100/threaded
  http://www.securityfocus.com/bid/24975
  http://www.vupen.com/english/advisories/2007/2583
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35510
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-4017
https://notcve.org/view.php?id=CVE-2007-4017
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
• http://osvdb.org/37841
  http://secunia.com/advisories/26143
  http://support.citrix.com/article/CTX113817
  http://support.citrix.com/article/CTX114028
  http://www.securityfocus.com/bid/24975
  http://www.securitytracker.com/id?1018435
  http://www.vupen.com/english/advisories/2007/2583
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35513