CVE-2007-0011
https://notcve.org/view.php?id=CVE-2007-0011
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. El interfaz del portal web de Citrix Access Gateway (también conocido como Citrix Advanced Access Control) versiones anteriores a Advanced Edition 4.5 HF1, sitúa un ID de sesión en el URL, lo cual permite a atacantes locales o remotos dependientes del contexto secuestrar sesiones al leer "información residual", incluyendo un fichero de trazas utilizado, historial del navegador, o la caché del navegador. • http://osvdb.org/45288 http://secunia.com/advisories/26143 http://securitytracker.com/id?1018435 http://support.citrix.com/article/CTX112803 http://support.citrix.com/article/CTX113814 http://www.securityfocus.com/archive/1/482626/100/100/threaded http://www.securityfocus.com/bid/24975 http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35510 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-4018
https://notcve.org/view.php?id=CVE-2007-4018
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. Citrix Access Gateway Advanced Edition anterior a software empotrado (firmware) 4.5.5 permite a atacantes remotos redireccionar usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores desconocidos. • http://osvdb.org/37840 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.securitytracker.com/id?1018435 http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35512 •
CVE-2007-4013
https://notcve.org/view.php?id=CVE-2007-4013
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. Múltiples vulnerabilidades no especificadas en Net6Helper.DLL (también conocido como Net6Launcher Class) 4.5.2 y anteriores, (2) npCtxCAO.dll (también conocido como Citrix Endpoint Analysis Client) en un extensión de directorio Firefox, y (3) un segundo pCtxCAO.dll (también conocido como CCAOControl Object) anterior a 4.5.0.0 en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1 • http://osvdb.org/37842 http://osvdb.org/37843 http://osvdb.org/37844 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.vupen.com/english/advisories/2007/2583 •
CVE-2007-4016
https://notcve.org/view.php?id=CVE-2007-4016
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en los componentes de cliente en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1 permite a atacantes ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/43983 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.securitytracker.com/id?1018435 http://www.vupen.com/english/advisories/2007/2583 •
CVE-2007-3679
https://notcve.org/view.php?id=CVE-2007-3679
The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. El control ActiveX Citrix EPA (también conocido como el "endpoint checking control" ó Objeto CCAOControl) versiones anteriores a 4.5.0.0 en npCtxCAO.dll de Citrix Access Gateway Standard Edition versiones anteriores a 4.5.5 y Advanced Edition versiones anteriores a 4.5 HF1, permite a atacantes remotos descargar y ejecutar programas de su elección en un sistema cliente. • http://osvdb.org/37845 http://secunia.com/advisories/26143 http://securityreason.com/securityalert/2916 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/archive/1/474204/100/0/threaded http://www.securityfocus.com/bid/24865 http://www.securityfocus.com/bid/24975 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-006.txt http://www.vupen.com/english/advisories/2007/2583 https://exchange.xf •