CVE-2015-6672
https://notcve.org/view.php?id=CVE-2015-6672
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://support.citrix.com/article/CTX201334 http://www.securitytracker.com/id/1033618
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5080
https://notcve.org/view.php?id=CVE-2015-5080
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
• http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf http://support.citrix.com/article/CTX201149 http://www.securityfocus.com/bid/75505 http://www.securitytracker.com/id/1032762
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-2829
https://notcve.org/view.php?id=CVE-2015-2829
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
• http://support.citrix.com/article/CTX200861 http://www.securityfocus.com/bid/74473 http://www.securitytracker.com/id/1032242
CVE-2015-2838 – Citrix Nitro SDK - Command Injection
https://notcve.org/view.php?id=CVE-2015-2838
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
• https://www.exploit-db.com/exploits/36442 http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html http://seclists.org/fulldisclosure/2015/Mar/129 http://www.securityfocus.com/archive/1/534936/100/0/threaded http://www.securityfocus.com/bid/73358 https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-2840
https://notcve.org/view.php?id=CVE-2015-2840
Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.
• http://packetstormsecurity.com/files/130936/Citrix-NetScaler-VPX-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/130 http://www.securityfocus.com/archive/1/534934/100/0/threaded http://www.securityfocus.com/bid/73342 https://www.securify.nl/advisory/SFY20140807/citrix_netscaler_vpx_help_pages_are_vulnerable_to_cross_site_scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')