CVE-2007-6267
https://notcve.org/view.php?id=CVE-2007-6267
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
• http://secunia.com/advisories/27935
• http://support.citrix.com/article/CTX115281
• http://www.securityfocus.com/bid/26705
• http://www.securitytracker.com/id?1019050
• http://www.vupen.com/english/advisories/2007/4091
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38861
• CWE-255: Credentials Management Errors
CVE-2007-6192
https://notcve.org/view.php?id=CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
• http://securityreason.com/securityalert/3409
• http://securitytracker.com/id?1018991
• http://www.securityfocus.com/archive/1/484182/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38646
• CWE-310: Cryptographic Issues
CVE-2007-6193
https://notcve.org/view.php?id=CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
• http://securityreason.com/securityalert/3409
• http://www.securityfocus.com/archive/1/484182/100/0/threaded
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6037 – Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6037
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
• https://www.exploit-db.com/exploits/30777
• http://osvdb.org/39009
• http://secunia.com/advisories/27726
• http://securityreason.com/securityalert/3377
• http://www.securityfocus.com/archive/1/483920/100/0/threaded
• http://www.securityfocus.com/bid/26491
• http://www.securitytracker.com/id?1018981
• http://www.vupen.com/english/advisories/2007/4065
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38563
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')