CVE-2008-2299
https://notcve.org/view.php?id=CVE-2008-2299
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que los clientes usen configuraciones de encriptado más débiles que las configuradas por el administrador, lo que podría permitir a los atacantes evitar las restricciones previstas. • http://secunia.com/advisories/30271 http://support.citrix.com/article/CTX114893 http://www.securityfocus.com/bid/29233 http://www.securitytracker.com/id?1020026 http://www.vupen.com/english/advisories/2008/1531/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42444 • CWE-310: Cryptographic Issues •
CVE-2008-0356 – Citrix Metaframe Presentation Server IMA Service Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0356
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. Desbordamiento de búfer en el servicio Independent Management Architecture (IMA) de Citrix Presentation Server (MetaFrame Presentation Server) 4.5 y versiones anteriores, Access Essentials 2.0 y versiones anteriores, y Desktop Server 1.0 permite a atacantes remotos ejecutar código de su elección mediante un valor de tamaño inválido en un paquete al puerto TCP 2512 ó 2513. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Independent Management Architecture service, ImaSrv.exe, which listens by default on TCP port 2512 or 2513. The process trusts a user-suppled value as a parameter to a memory allocation. • http://secunia.com/advisories/28508 http://support.citrix.com/article/CTX114487 http://www.kb.cert.org/vuls/id/412228 http://www.securityfocus.com/archive/1/486585/100/0/threaded http://www.securityfocus.com/bid/27329 http://www.securitytracker.com/id?1019231 http://www.vupen.com/english/advisories/2008/0172 http://zerodayinitiative.com/advisories/ZDI-08-002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-6477
https://notcve.org/view.php?id=CVE-2007-6477
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de ayuda en línea de Citrix Web Interface 2.0 y versiones anteriores, y NFuse, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. • http://secunia.com/advisories/28150 http://support.citrix.com/article/CTX115283 http://www.securityfocus.com/bid/26933 http://www.securitytracker.com/id?1019132 http://www.vupen.com/english/advisories/2007/4254 https://exchange.xforce.ibmcloud.com/vulnerabilities/39123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6267
https://notcve.org/view.php?id=CVE-2007-6267
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. Vulnerabilidad en Citrix EdgeSight 4.2 y 4.5 para Presentation Server, EdgeSight 4.2 y 4.5 para Endpoints, y EdgeSight para NetScaler 1.0 y 1.1 . No guardan correctamente los credenciales de la base de datos en archivos de configuración, lo que permite que un usuario local pueda obtener información sensible. • http://secunia.com/advisories/27935 http://support.citrix.com/article/CTX115281 http://www.securityfocus.com/bid/26705 http://www.securitytracker.com/id?1019050 http://www.vupen.com/english/advisories/2007/4091 https://exchange.xforce.ibmcloud.com/vulnerabilities/38861 • CWE-255: Credentials Management Errors •
CVE-2007-6192
https://notcve.org/view.php?id=CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. La interfaz de administración web en Citrix NetScaler 8.0 build 47.8 usa cifrado débil (XOR de datos sin relleno) para almacenar las credenciales dentro de una cookie, lo cual facilita a los atacantes remotos la obtención de credenciales en texto claro cuando la cookie es capturada mediante un ataque de texto plano conocido (known-plaintext attack). • http://securityreason.com/securityalert/3409 http://securitytracker.com/id?1018991 http://www.securityfocus.com/archive/1/484182/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/38646 • CWE-310: Cryptographic Issues •