Page 2 of 14 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 podría permitir que atacantes remotos descifren datos de texto cifrado TLS aprovechando un oráculo de relleno RSA Bleichenbacher. Esto también se conoce como ataque ROBOT. • http://www.securityfocus.com/bid/102173 http://www.securitytracker.com/id/1039985 https://robotattack.org https://support.citrix.com/article/ctx230238 https://www.kb.cert.org/vuls/id/144389 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 permiten que atacantes remotos obtengan información sensible de la negociación TLS del cliente del backend aprovechando el uso de TLS con certificados del cliente y un intercambio de claves Diffie-Hellman Ephemeral (DHE). • http://www.securityfocus.com/bid/102177 http://www.securitytracker.com/id/1040011 https://support.citrix.com/article/ctx230612 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.1 anterior a la build 135.18, 10.5 anterior a la build 66.9, 10.5e anterior a la build 60.7010.e, 11.0 anterior a la build 70.16, 11.1 anterior a la build 55.13 y 12.0 anterior a la build 53.13 (excepto la build 41.24) que, si se explota, podría permitir que un atacante con acceso a la interfaz de gestión de NetScaler obtenga acceso administrativo a la aplicación. • http://www.securityfocus.com/bid/100980 https://support.citrix.com/article/CTX227928 https://support.citrix.com/article/CTX228091 • CWE-287: Improper Authentication •