CVE-2012-4603
https://notcve.org/view.php?id=CVE-2012-4603
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. Citrix XenApp Online Plug-in para Windows versión 12.1 y anteriores, y Citrix Receiver para Windows versión 3.2 y anteriores, podrían permitir a atacantes remotos ejecutar código arbitrario al convencer a un objetivo de que abra un archivo especialmente diseñado desde un servidor de archivos SMB o WebDAV. • http://www.securityfocus.com/bid/55518 http://www.securitytracker.com/id?1027521 http://www.securitytracker.com/id?1027522 https://exchange.xforce.ibmcloud.com/vulnerabilities/78433 • CWE-20: Improper Input Validation •
CVE-2013-3620
https://notcve.org/view.php?id=CVE-2013-3620
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. Credenciales WSMan embebidas en Intelligent Platform Management Interface (IPMI) con firmware para tarjetas madres generación X9 Supermicro versiones anteriores a la versión 3.15 (SMT_X9_315) y firmware para tarjetas madres generación X8 Supermicro versiones anteriores a la versión SMT X8 312. • http://support.citrix.com/article/CTX216642 https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/89045 https://support.citrix.com/article/CTX216642 https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf • CWE-522: Insufficiently Protected Credentials •
CVE-2013-3619 – Supermicro Onboard IPMI Static SSL Certificate Scanner
https://notcve.org/view.php?id=CVE-2013-3619
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. Intelligent Platform Management Interface (IPMI) con firmware para las tarjetas madres generación X9 Supermicro versiones anteriores a SMT_X9_317 y el firmware para las tarjetas madres generación X8 Supermicro versiones anteriores a la verisón SMT X8 312, contienen claves de cifrado privadas embebidas para la (1) interfaz SSL del servidor web Lighttpd y el (2) demonio Dropbear SSH. • http://support.citrix.com/article/CTX216642 https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/89044 https://support.citrix.com/article/CTX216642 https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf • CWE-798: Use of Hard-coded Credentials •
CVE-2019-19781 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. Se descubrió un problema en Citrix Application Delivery Controller (ADC) and Gateway versiones 10.5, 11.1, 12.0, 12.1 y 13.0. Permiten un salto de directorio. Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. • https://www.exploit-db.com/exploits/47930 https://www.exploit-db.com/exploits/47913 https://www.exploit-db.com/exploits/47901 https://github.com/projectzeroindia/CVE-2019-19781 https://github.com/mpgn/CVE-2019-19781 https://github.com/jas502n/CVE-2019-19781 https://github.com/mandiant/ioc-scanner-CVE-2019-19781 https://github.com/citrix/ioc-scanner-CVE-2019-19781 https://github.com/haxrob/CVE-2019-19781 https://github.com/aqhmal/CVE-2019-19781 https://github.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-18225
https://notcve.org/view.php?id=CVE-2019-18225
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. Se detectó un problema en Citrix Application Delivery Controller (ADC) y Gateway versiones anteriores a 10.5 build 70.8, versiones 11.x anteriores a 11.1 build 63.9, versión 12.0 anterior a build 62.10, versión 12.1 anterior a build 54.16 y versión 13.0 anterior a build 41.28. Un atacante con acceso a la interfaz de administración puede omitir la autenticación para obtener acceso administrativo del dispositivo. • https://support.citrix.com/article/CTX261055 •