CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2011-2593
https://notcve.org/view.php?id=CVE-2011-2593
12 Aug 2014 — Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. Desbordamiento de enteros en el método StartEpa en el control nsepacom ActiveX (nsepa.exe) en Citrix Access Gateway Enterprise Edition Plug-in para Windows 9.x anterior a 9.3-57.5 y... • http://secunia.com/advisories/45299 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2014-4346 – Citrix Netscaler Disclosure / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4346
16 Jul 2014 — Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz del usuario de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) 10.1 a... • https://packetstorm.news/files/id/127496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2014-4347 – Citrix Netscaler Disclosure / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4347
16 Jul 2014 — Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway (anteriormente Access Gateway Enterprise Edition) anterior a 9.3-62.4 y 10.x anterior a 10.1-126.12 permite a atacantes obtener información sensible a través de vectores relacionados con un... • https://packetstorm.news/files/id/127496 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 18%CPEs: 5EXPL: 0CVE-2011-2592
https://notcve.org/view.php?id=CVE-2011-2592
18 Jun 2014 — Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. Desbordamiento de buffer basado en memoria dinámica en el método StartEpa en el control nsepacom ActiveX (nsepa.exe) en Citrix Access Gateway Enterprise Edition Plug-in para Windows 9.x anterior a 9.3-57.5 y 10.0 anterio... • http://archives.neohapsis.com/archives/bugtraq/2012-08/0009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1899
https://notcve.org/view.php?id=CVE-2014-1899
02 May 2014 — Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Citrix NetScaler Gateway (anteriormente Citrix Access Gateway Enterprise Edition) 9.x anterior a 9.3.66.5 y 10.x anterior a 10.1.123.9 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no espec... • http://www.securityfocus.com/bid/67177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2881 – Citrix Netscaler Diffie-Hellman Key Exchange Issue
https://notcve.org/view.php?id=CVE-2014-2881
01 May 2014 — Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. Vulnerabilidad no especificada en la implementación de acuerdo clave Diffie-Hellman en el Applet Java de gestión de la interfaz gráfica de usuario en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 ... • http://support.citrix.com/article/CTX140651 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2882 – Citrix Netscaler SSL Certificate Validation
https://notcve.org/view.php?id=CVE-2014-2882
01 May 2014 — Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. Vulnerabilidad no especificada en la GUI de gestión en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores no especificados, relacionado con validación de certificado. The... • http://support.citrix.com/article/CTX140651 •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2013-2767
https://notcve.org/view.php?id=CVE-2013-2767
25 Apr 2013 — Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. Vulnerabilidad no especificada en Citrix NetScaler Access Gateway Enterprise Edition (AGEE) antes de v9.3.62.4 y v10.x hasta v10.0.74.4 y NetScaler AGEE Common Criteria antes de v9.3.53.6, permite a atacantes remotos evitar las re... • http://support.citrix.com/article/ctx137238 •