CVE-2009-2213
https://notcve.org/view.php?id=CVE-2009-2213
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. La configuración por defecto en las características de seguridad globales en el appliance Citrix NetScaler Access Gateway con el firmware Enterprise Edition 9.0, 8.1 y versiones anteriores especifica la opción "Allow for the Default Authorization Action" lo que puede permitir a usuarios remotos autenticados evitar las restricciones de acceso previstas. • http://support.citrix.com/article/CTX118770 http://www.securityfocus.com/bid/35422 http://www.vupen.com/english/advisories/2009/1641 https://exchange.xforce.ibmcloud.com/vulnerabilities/51274 • CWE-863: Incorrect Authorization •
CVE-2007-6192
https://notcve.org/view.php?id=CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. La interfaz de administración web en Citrix NetScaler 8.0 build 47.8 usa cifrado débil (XOR de datos sin relleno) para almacenar las credenciales dentro de una cookie, lo cual facilita a los atacantes remotos la obtención de credenciales en texto claro cuando la cookie es capturada mediante un ataque de texto plano conocido (known-plaintext attack). • http://securityreason.com/securityalert/3409 http://securitytracker.com/id?1018991 http://www.securityfocus.com/archive/1/484182/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/38646 • CWE-310: Cryptographic Issues •
CVE-2007-6193
https://notcve.org/view.php?id=CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. La interfaz web de administración en Citrix NetScaler 8.0 build 47.8 almacena la dirección IP del dispositivo primario en una cookie, lo cual podría permitir a atacantes remotos obtener información de configuración sensible si la dirección no es la misma que la usada en la interfaz web. • http://securityreason.com/securityalert/3409 http://www.securityfocus.com/archive/1/484182/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-6037 – Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6037
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en ws/generic_api_call.pl en Citrix NetScaler 8.0 build 47.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro standalone y otros parámetros no especificados. • https://www.exploit-db.com/exploits/30777 http://osvdb.org/39009 http://secunia.com/advisories/27726 http://securityreason.com/securityalert/3377 http://www.securityfocus.com/archive/1/483920/100/0/threaded http://www.securityfocus.com/bid/26491 http://www.securitytracker.com/id?1018981 http://www.vupen.com/english/advisories/2007/4065 https://exchange.xforce.ibmcloud.com/vulnerabilities/38563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •