CVE-2015-3642
https://notcve.org/view.php?id=CVE-2015-3642
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 en su versión Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea más fácil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un ataque padding-oracle, variante de CVE-2014-3566, también conocido como POODLE. • http://support.citrix.com/article/CTX200378 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7219
https://notcve.org/view.php?id=CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/97626 http://www.securitytracker.com/id/1038283 https://support.citrix.com/article/CTX222657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4945 – Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-4945
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. Vulnerabilidad de XSS en vpn/js/gateway_login_form_view.js en Citrix NetScaler Gateway 11.0 en versiones anteriores a Build 66.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cookie NSC_TMAC. The login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the "NSC_TMAC" cookie. • http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt http://support.citrix.com/article/CTX213313 http://www.securityfocus.com/archive/1/538515/100/0/threaded http://www.securitytracker.com/id/1036020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7997
https://notcve.org/view.php?id=CVE-2015-7997
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la API Nitro en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7998
https://notcve.org/view.php?id=CVE-2015-7998
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. La IU de administración en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway en versiones anteriores a 10.1 Build 133.9, 10.5 en versiones anteriores a Build 58.11 y 10.5.e en versiones anteriores a Build 56.1505.e en dispositivos NetScaler Service Delivery Appliance Service VM (SVM), permite a atacantes obtener información sensible a través de vectores no especificados. • http://support.citrix.com/article/CTX202482 http://www.securitytracker.com/id/1034167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •