CVE-2009-2453
https://notcve.org/view.php?id=CVE-2009-2453
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
• http://osvdb.org/53900
• http://secunia.com/advisories/34865
• http://support.citrix.com/article/CTX118792
• http://www.securityfocus.com/bid/34691
• http://www.securitytracker.com/id?1022114
• http://www.vupen.com/english/advisories/2009/1154
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-6561
https://notcve.org/view.php?id=CVE-2008-6561
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
• http://support.citrix.com/article/CTX116227
• http://www.securitytracker.com/id?1019605
• http://www.vupen.com/english/advisories/2008/0845
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41102
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-5107
https://notcve.org/view.php?id=CVE-2008-5107
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
• http://support.citrix.com/article/CTX116228
• http://www.securityfocus.com/bid/28047
• http://www.vupen.com/english/advisories/2008/0705/references
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-4676
https://notcve.org/view.php?id=CVE-2008-4676
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.
• http://secunia.com/advisories/32017
• http://support.citrix.com/article/CTX116310
• http://www.securityfocus.com/bid/31484
• http://www.securitytracker.com/id?1020954
• http://www.vupen.com/english/advisories/2008/2702
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45507
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-3485
https://notcve.org/view.php?id=CVE-2008-3485
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
• http://securityreason.com/securityalert/4110
• http://www.securityfocus.com/archive/1/494952/100/0/threaded
• http://www.securityfocus.com/bid/30446
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44490
• CWE-264: Permissions, Privileges, and Access Controls