CVE-2015-5080
https://notcve.org/view.php?id=CVE-2015-5080
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. La interfaz de gestión en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.1 anterior a 10.1.132.8, 10.5 anterior a Build 56.15 y 10.5.e anterior a Build 56.1505.e, permite a usuarios remotos autenticados ejecutar comandos de shell arbitrarios a través de metacaracteres de shell en el parámetro de filtro to rapi/ipsec_logs. • http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf http://support.citrix.com/article/CTX201149 http://www.securityfocus.com/bid/75505 http://www.securitytracker.com/id/1032762 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2015-2829
https://notcve.org/view.php?id=CVE-2015-2829
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 10.5 Build 53.9 hasta 55.8 y 10.5.e Build 53-9010.e permiten a atacantes remotos causar una denegación de servicio (reinicio) a través de vectores no especificados. • http://support.citrix.com/article/CTX200861 http://www.securityfocus.com/bid/74473 http://www.securitytracker.com/id/1032242 •
CVE-2014-8580
https://notcve.org/view.php?id=CVE-2014-8580
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. Citrix NetScaler Application Delivery Controller y NetScaler Gateway 10.5.50.10 anterior a 10.5-52.11, 10.1.122.17 anterior a 10.1-129.11, y 10.1-120.1316.e anterior a 10.1-129.1105.e, cunado utilizan configuraciones no especificadas, permiten a usuarios remotos autenticados acceder a 'los recursos de la red' de otros usuarios a través de vectores desconocidos. • http://secunia.com/advisories/62114 http://support.citrix.com/article/CTX200254 http://www.securitytracker.com/id/1031212 https://exchange.xforce.ibmcloud.com/vulnerabilities/98661 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-7140 – Citrix Netscaler SOAP Handler - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7140
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en la interfaz de gestión en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.x anterior a 10.1-129.11 y 10.5 anterior a 10.5-50.10 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/35180 http://support.citrix.com/article/CTX200206 http://www.securitytracker.com/id/1031129 •