CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10648
https://notcve.org/view.php?id=CVE-2018-10648
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Hay vulnerabilidades de subida de archivos sin autenticar en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3. • https://support.citrix.com/article/CTX234879 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10652
https://notcve.org/view.php?id=CVE-2018-10652
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Hay una vulnerabilidad de fuga de información sensible en Citrix XenMobile Server, en versiones 10.7 anteriores a la RP3. • https://support.citrix.com/article/CTX234879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2018-10653 – Citrix XenMobile Server 10.8 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2018-10653
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Hay una vulnerabilidad de procesamiento de XEE (XML External Entity) en Citrix XenMobile Server, en versiones 10.8 anteriores a la RP2 y 10.7 anteriores a la RP3. Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/47951 http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html https://support.citrix.com/article/CTX234879 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10649
https://notcve.org/view.php?id=CVE-2018-10649
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Hay una vulnerabilidad de Cross-Site Scripting (XSS) en Citrix XenMobile Server, en versiones 10.7 anteriores a la RP3. • https://support.citrix.com/article/CTX234879 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2018-7218
https://notcve.org/view.php?id=CVE-2018-7218
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. La funcionalidad AppFirewall en Citrix NetScaler Application Delivery Controller y NetScaler Gateway en versiones 10.5 anteriores a la Build 68.7, versiones 11.0 anteriores a la Build 71.24, versiones 11.1 anteriores a la Build 58.13 y versiones 12.0 anteriores a la Build 57.24 permite que atacantes remotos ejecuten código arbitrario mediante vectores sin especificar. • http://www.securitytracker.com/id/1040921 https://support.citrix.com/article/CTX234869 •