CVE-2004-1078
https://notcve.org/view.php?id=CVE-2004-1078
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. • http://secunia.com/advisories/15108 http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities •
CVE-2003-1157 – Citrix Metaframe XP - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1157
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. • https://www.exploit-db.com/exploits/23316 http://secunia.com/advisories/10127 http://www.osvdb.org/2762 http://www.securityfocus.com/archive/1/343040 http://www.securityfocus.com/bid/27948 http://www.securityfocus.com/bid/8939 https://exchange.xforce.ibmcloud.com/vulnerabilities/13569 https://exchange.xforce.ibmcloud.com/vulnerabilities/40782 •
CVE-2002-2426
https://notcve.org/view.php?id=CVE-2002-2426
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. • http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt http://secunia.com/advisories/27633 http://support.citrix.com/article/CTX115245 http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor http://www.securityfocus.com/bid/26451 http://www.securitytracker.com/id?1018962 http://www.vupen.com/english/advisories/2007/3870 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2001-0716
https://notcve.org/view.php?id=CVE-2001-0716
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. • http://www.securityfocus.com/bid/3440 http://xforce.iss.net/alerts/advise99.php https://exchange.xforce.ibmcloud.com/vulnerabilities/7068 •
CVE-2001-0908
https://notcve.org/view.php?id=CVE-2001-0908
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). • http://marc.info/?l=bugtraq&m=100638693315933&w=2 http://www.securityfocus.com/bid/3566 https://exchange.xforce.ibmcloud.com/vulnerabilities/7538 •