CVE-2017-7219
https://notcve.org/view.php?id=CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/97626 http://www.securitytracker.com/id/1038283 https://support.citrix.com/article/CTX222657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4945 – Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-4945
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. Vulnerabilidad de XSS en vpn/js/gateway_login_form_view.js en Citrix NetScaler Gateway 11.0 en versiones anteriores a Build 66.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cookie NSC_TMAC. The login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the "NSC_TMAC" cookie. • http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt http://support.citrix.com/article/CTX213313 http://www.securityfocus.com/archive/1/538515/100/0/threaded http://www.securitytracker.com/id/1036020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7997
https://notcve.org/view.php?id=CVE-2015-7997
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7998
https://notcve.org/view.php?id=CVE-2015-7998
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. La IU de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener información sensible a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7996
https://notcve.org/view.php?id=CVE-2015-7996
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. La API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes obtener credenciales a través de la caché del navegador. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •