Page 4 of 25 results (0.011 seconds)

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. Vulnerabilidad no especificada en Citrix Access Gateway Standard Edition 4.5.7 y versiones anteriores y Advanced Edition 4.5 HF2 y versiones anteriores permite a atacantes remotos evitar la autenticación y conseguir "acceso a los recursos de red" a través de vectores no especificados. • http://secunia.com/advisories/30175 http://support.citrix.com/article/CTX116930 http://www.securityfocus.com/bid/29174 http://www.securitytracker.com/id?1020025 http://www.vupen.com/english/advisories/2008/1474/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42356 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. El interfaz del portal web de Citrix Access Gateway (también conocido como Citrix Advanced Access Control) versiones anteriores a Advanced Edition 4.5 HF1, sitúa un ID de sesión en el URL, lo cual permite a atacantes locales o remotos dependientes del contexto secuestrar sesiones al leer "información residual", incluyendo un fichero de trazas utilizado, historial del navegador, o la caché del navegador. • http://osvdb.org/45288 http://secunia.com/advisories/26143 http://securitytracker.com/id?1018435 http://support.citrix.com/article/CTX112803 http://support.citrix.com/article/CTX113814 http://www.securityfocus.com/archive/1/482626/100/100/threaded http://www.securityfocus.com/bid/24975 http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35510 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.6EPSS: 2%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la consola del administrador basado en web en Citrix Access Gateway anterior al software empotrado (firmware) 4.5.5 permite a atacantes remotos llevar a cabo ciertos cambios de configuracion como administradores. • http://osvdb.org/37841 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113817 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.securitytracker.com/id?1018435 http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35513 •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. Citrix Access Gateway Advanced Edition anterior a software empotrado (firmware) 4.5.5 permite a atacantes remotos redireccionar usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores desconocidos. • http://osvdb.org/37840 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113816 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.securitytracker.com/id?1018435 http://www.vupen.com/english/advisories/2007/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/35512 •

CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. Múltiples vulnerabilidades no especificadas en Net6Helper.DLL (también conocido como Net6Launcher Class) 4.5.2 y anteriores, (2) npCtxCAO.dll (también conocido como Citrix Endpoint Analysis Client) en un extensión de directorio Firefox, y (3) un segundo pCtxCAO.dll (también conocido como CCAOControl Object) anterior a 4.5.0.0 en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1 • http://osvdb.org/37842 http://osvdb.org/37843 http://osvdb.org/37844 http://secunia.com/advisories/26143 http://support.citrix.com/article/CTX113815 http://support.citrix.com/article/CTX114028 http://www.securityfocus.com/bid/24975 http://www.vupen.com/english/advisories/2007/2583 •