CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1196
https://notcve.org/view.php?id=CVE-2007-1196
Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. Vulnerabilidad no especificada en Citrix Presentation Server Client para Windows anterior a 10.0 permiet a sitios web remotos ejecutar código de su elección a través de vectores no especificados, relacionado con la implementación de conectividad ICA a través de servidores proxy. • http://osvdb.org/33833 http://secunia.com/advisories/24350 http://support.citrix.com/article/CTX112589 http://www.kb.cert.org/vuls/id/798364 http://www.securityfocus.com/bid/22762 http://www.securitytracker.com/id?1017712 http://www.vupen.com/english/advisories/2007/0784 https://exchange.xforce.ibmcloud.com/vulnerabilities/32754 •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 1CVE-2007-0444 – Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0444
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca print provider (cpprov.dll) en Citrix Presentation Server versión 4.0, MetaFrame Presentation Server versión 3.0 y MetaFrame XP versión 1.0 permite a los usuarios locales y a los atacantes remotos ejecutar código arbitrario por medio de argumentos largos a las funciones (1) EnumPrintersW y (2) OpenPrinter. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability. The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. • https://www.exploit-db.com/exploits/3204 http://osvdb.org/32958 http://secunia.com/advisories/23869 http://securitytracker.com/id?1017553 http://support.citrix.com/article/CTX111686 http://www.securityfocus.com/archive/1/458002/100/0/threaded http://www.securityfocus.com/bid/22217 http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c http://www.vupen.com/english/advisories/2007/0328 http://www.zerodayinitiative.com/advisories/ZDI-07-006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2006-6573
https://notcve.org/view.php?id=CVE-2006-6573
Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. Vulnerabilidad sin especificar en el Citrix Access Gateway 4.5 Advanced Edition y 4.2 con el Advanced Access Control (AAC) 4.2, cuando se está utilizando la Access Gateway appliance desde la 4.2 hasta la 4.2.2 inclusive, permite a atacantes remotos autenticados, conseguir acceso a los datos y obtener información sensible mediante vectores sin especificar. • http://secunia.com/advisories/22908 http://secunia.com/advisories/22909 http://securitytracker.com/id?1017228 http://support.citrix.com/article/CTX111695 http://www.kb.cert.org/vuls/id/555220 http://www.securityfocus.com/bid/21079 http://www.vupen.com/english/advisories/2006/4524 https://exchange.xforce.ibmcloud.com/vulnerabilities/30298 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-6572
https://notcve.org/view.php?id=CVE-2006-6572
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en Citrix Advanced Access Control (AAC) Option 4.0, y Access Gateway 4.2 con Advanced Access Control 4.2, anterior a 20061114, cuando el acceso a la característica Browser-Only está activado, permite a usuarios remotos validados evitar las políticas de acceso a través de ciertos métodos de login, un asunto diferente que CVE-2006-4846. NOTA: algunos de estos detalles se obtuvieron de fuentes de información de terceros. • http://secunia.com/advisories/22909 http://securitytracker.com/id?1017227 http://support.citrix.com/article/CTX111614 http://support.citrix.com/article/CTX111615 http://www.securityfocus.com/bid/21080 http://www.vupen.com/english/advisories/2006/4525 https://exchange.xforce.ibmcloud.com/vulnerabilities/30302 https://exchange.xforce.ibmcloud.com/vulnerabilities/30303 •
CVSS: 6.8EPSS: 13%CPEs: 1EXPL: 3CVE-2006-6334 – Citrix Presentation Server Client - 'WFICA.OCX' ActiveX Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6334
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. Desbordamiento de búfer basado en montón en la función SendChannelData en wfica.ocx de Citrix Presentation Server Client versiones anteriores a 9.230 para Windows permite a sitios web remotos maliciosos ejecutar código de su elección mediante un parámetro DataSize que es menor que la longitud del búfer Data. • https://www.exploit-db.com/exploits/5106 http://fortconsult.net/files/fortconsult.dk/citrix_advisory_dec2006.pdf http://secunia.com/advisories/23246 http://securityreason.com/securityalert/1995 http://securitytracker.com/id?1017343 http://support.citrix.com/article/CTX111827 http://www.citrix.com/English/SS/downloads/downloads.asp?dID=2755 http://www.kb.cert.org/vuls/id/210969 http://www.securityfocus.com/archive/1/453760/100/0/threaded http://www.securityfocus.com/bid/21458 h •