Page 2 of 11 results (0.002 seconds)

CVSS: 7.5EPSS: 36%CPEs: 5EXPL: 0

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. Desbordamiento del búfer basado en montón en la función IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar código de su elección mediante una petición en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tamaños de valores no válidos que disparen el desbordamiento durante la desencriptación. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independant Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. • http://secunia.com/advisories/22802 http://securitytracker.com/id?1017205 http://support.citrix.com/article/CTX111186 http://www.securityfocus.com/archive/1/451337/100/100/threaded http://www.securityfocus.com/bid/20986 http://www.vupen.com/english/advisories/2006/4429 http://www.zerodayinitiative.com/advisories/ZDI-06-038.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30148 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://secunia.com/advisories/17819 http://securitytracker.com/id?1015304 http://securitytracker.com/id?1015305 http://support.citrix.com/article/CTX108208 http://www.securityfocus.com/bid/15664 http://www.vupen.com/english/advisories/2005/2676 https://exchange.xforce.ibmcloud.com/vulnerabilities/23396 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. • https://www.exploit-db.com/exploits/23316 http://secunia.com/advisories/10127 http://www.osvdb.org/2762 http://www.securityfocus.com/archive/1/343040 http://www.securityfocus.com/bid/27948 http://www.securityfocus.com/bid/8939 https://exchange.xforce.ibmcloud.com/vulnerabilities/13569 https://exchange.xforce.ibmcloud.com/vulnerabilities/40782 •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. • http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt http://secunia.com/advisories/27633 http://support.citrix.com/article/CTX115245 http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor http://www.securityfocus.com/bid/26451 http://www.securitytracker.com/id?1018962 http://www.vupen.com/english/advisories/2007/3870 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. • http://www.securityfocus.com/bid/3440 http://xforce.iss.net/alerts/advise99.php https://exchange.xforce.ibmcloud.com/vulnerabilities/7068 •