CVE-2007-6193
https://notcve.org/view.php?id=CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
• http://securityreason.com/securityalert/3409
• http://www.securityfocus.com/archive/1/484182/100/0/threaded
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6037 – Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6037
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
• https://www.exploit-db.com/exploits/30777
• http://osvdb.org/39009
• http://secunia.com/advisories/27726
• http://securityreason.com/securityalert/3377
• http://www.securityfocus.com/archive/1/483920/100/0/threaded
• http://www.securityfocus.com/bid/26491
• http://www.securitytracker.com/id?1018981
• http://www.vupen.com/english/advisories/2007/4065
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38563
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-0011
https://notcve.org/view.php?id=CVE-2007-0011
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
• http://osvdb.org/45288
• http://secunia.com/advisories/26143
• http://securitytracker.com/id?1018435
• http://support.citrix.com/article/CTX112803
• http://support.citrix.com/article/CTX113814
• http://www.securityfocus.com/archive/1/482626/100/100/threaded
• http://www.securityfocus.com/bid/24975
• http://www.vupen.com/english/advisories/2007/2583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35510
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4017
https://notcve.org/view.php?id=CVE-2007-4017
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
• http://osvdb.org/37841
• http://secunia.com/advisories/26143
• http://support.citrix.com/article/CTX113817
• http://support.citrix.com/article/CTX114028
• http://www.securityfocus.com/bid/24975
• http://www.securitytracker.com/id?1018435
• http://www.vupen.com/english/advisories/2007/2583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35513
CVE-2007-4018
https://notcve.org/view.php?id=CVE-2007-4018
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
• http://osvdb.org/37840
• http://secunia.com/advisories/26143
• http://support.citrix.com/article/CTX113816
• http://support.citrix.com/article/CTX114028
• http://www.securityfocus.com/bid/24975
• http://www.securitytracker.com/id?1018435
• http://www.vupen.com/english/advisories/2007/2583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35512