CVE-2004-1902
https://notcve.org/view.php?id=CVE-2004-1902
Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. • http://marc.info/?l=bugtraq&m=108127948610311&w=2 http://secunia.com/advisories/11293 http://securitytracker.com/id?1009659 http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256 http://www.osvdb.org/4942 http://www.securityfocus.com/bid/10049 https://exchange.xforce.ibmcloud.com/vulnerabilities/15737 •
CVE-2004-1077
https://notcve.org/view.php?id=CVE-2004-1077
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allow remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive. • http://secunia.com/advisories/15108 http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities •
CVE-2004-1078
https://notcve.org/view.php?id=CVE-2004-1078
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. • http://secunia.com/advisories/15108 http://support.citrix.com/kb/entry.jspa?externalID=CTX105650 http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities •
CVE-2003-1157 – Citrix MetaFrame XP - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1157
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. • https://www.exploit-db.com/exploits/23316 http://secunia.com/advisories/10127 http://www.osvdb.org/2762 http://www.securityfocus.com/archive/1/343040 http://www.securityfocus.com/bid/27948 http://www.securityfocus.com/bid/8939 https://exchange.xforce.ibmcloud.com/vulnerabilities/13569 https://exchange.xforce.ibmcloud.com/vulnerabilities/40782 •
CVE-2002-2426
https://notcve.org/view.php?id=CVE-2002-2426
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. • http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt http://secunia.com/advisories/27633 http://support.citrix.com/article/CTX115245 http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor http://www.securityfocus.com/bid/26451 http://www.securitytracker.com/id?1018962 http://www.vupen.com/english/advisories/2007/3870 • CWE-352: Cross-Site Request Forgery (CSRF) •