CVE-2010-2991
https://notcve.org/view.php?id=CVE-2010-2991
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875 http://secunia.com/advisories/40819 http://secunia.com/advisories/40821 http://support.citrix.com/article/CTX125976
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-2619
https://notcve.org/view.php?id=CVE-2010-2619
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
• http://secunia.com/advisories/40282 http://support.citrix.com/article/CTX125319 http://www.securitytracker.com/id?1024157 http://www.vupen.com/english/advisories/2010/1613
CVE-2010-0633
https://notcve.org/view.php?id=CVE-2010-0633
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
• http://secunia.com/advisories/38431 http://support.citrix.com/article/CTX123193 http://support.citrix.com/article/CTX123456 http://support.citrix.com/article/CTX123460 http://www.securityfocus.com/bid/38052 http://www.securitytracker.com/id?1023530 http://www.vupen.com/english/advisories/2010/0290
CVE-2009-3936
https://notcve.org/view.php?id=CVE-2009-3936
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
• http://secunia.com/advisories/37319 http://support.citrix.com/article/CTX123248 http://www.securityfocus.com/bid/37073 http://www.securitytracker.com/id?1023168 http://www.vupen.com/english/advisories/2009/3206 https://exchange.xforce.ibmcloud.com/vulnerabilities/54213
• CWE-310: Cryptographic Issues
CVE-2009-3757 – Citrix XenCenterWeb - Cross-Site Scripting / SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-3757
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/9106 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt http://securitytracker.com/id?1022520 http://www.exploit-db.com/exploits/9106 http://www.securityfocus.com/archive/1/504764 http://www.securityfocus.com/bid/35592 http://www.vupen.com/english/advisories/2009/1814 https://exchange.xforce.ibmcloud.com/vulnerabilities/51575
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')