CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5882
https://notcve.org/view.php?id=CVE-2008-5882
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. Vulnerabilidad de inyección SQL en login.asp en Citrix Application Gateway - Broadcast Server (BCS) versiones anteriores a v6.1, como el utilizado por Avaya AG250 - Broadcast Server versiones anteriores a v2.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "txtUID". • http://secunia.com/advisories/33127 http://securityreason.com/securityalert/4889 http://support.citrix.com/article/CTX119315 http://www.securityfocus.com/archive/1/499559/100/0/threaded http://www.securityfocus.com/bid/32832 http://www.securitytracker.com/id?1021411 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5716
https://notcve.org/view.php?id=CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. xend en Xen 3.3.0 no restringe adecuadamente el acceso de escritura de una máquina virtual invitada en el árbol de directorios xenstore /local/domain, lo que permite a usuarios del sistema operativo visitantes provocar una denegación de servicio y posiblemente tener otro impacto no especificado escribiendo en (1) console/tty, (2) console/limit, o (3) image/device-model-pid. NOTA: este problema existe debido a llamadas set_permissions erróneas en el parche para CVE-2008-4405. • http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html http://openwall.com/lists/oss-security/2008/12/19/1 http://www.securityfocus.com/bid/31499 https://exchange.xforce.ibmcloud.com/vulnerabilities/47668 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM
https://notcve.org/view.php?id=CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a través de una petición DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\.\DNE . • https://www.exploit-db.com/exploits/5837 http://secunia.com/advisories/30728 http://secunia.com/advisories/30744 http://secunia.com/advisories/30747 http://secunia.com/advisories/30753 http://securityreason.com/securityalert/4600 http://support.citrix.com/article/CTX117751 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860 http://www.digit-labs.org/files/exploits/dne2000-call.c http://www.kb.cert.org/vuls/id/858993 http://www&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5107
https://notcve.org/view.php?id=CVE-2008-5107
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. El proceso de instalación para Citrix Presentation Server 4.5 y Desktop Server 1.0, cuando MSI logging está habilitado, almacena las credenciales de la base de datos en archivos de log MSI, lo que permite a usuarios locales obtener estas credenciales leyendo los archivos de log. • http://support.citrix.com/article/CTX116228 http://www.securityfocus.com/bid/28047 http://www.vupen.com/english/advisories/2008/0705/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4676
https://notcve.org/view.php?id=CVE-2008-4676
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Presentation Server 4.0, y Access Essentials 1.0, 1.5, y 2.0 permite a los usuarios locales obtener privilegios a través de vectores de ataque desconocidos relativos a la creación de un archivo no especificado. NOTA: esto debería de ser el mismo asunto que CVE-2008-3485, pero el anuncio del vendedor es tan impreciso como para ser cierto. • http://secunia.com/advisories/32017 http://support.citrix.com/article/CTX116310 http://www.securityfocus.com/bid/31484 http://www.securitytracker.com/id?1020954 http://www.vupen.com/english/advisories/2008/2702 https://exchange.xforce.ibmcloud.com/vulnerabilities/45507 • CWE-264: Permissions, Privileges, and Access Controls •