CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4676
https://notcve.org/view.php?id=CVE-2008-4676
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Presentation Server 4.0, y Access Essentials 1.0, 1.5, y 2.0 permite a los usuarios locales obtener privilegios a través de vectores de ataque desconocidos relativos a la creación de un archivo no especificado. NOTA: esto debería de ser el mismo asunto que CVE-2008-3485, pero el anuncio del vendedor es tan impreciso como para ser cierto. • http://secunia.com/advisories/32017 http://support.citrix.com/article/CTX116310 http://www.securityfocus.com/bid/31484 http://www.securitytracker.com/id?1020954 http://www.vupen.com/english/advisories/2008/2702 https://exchange.xforce.ibmcloud.com/vulnerabilities/45507 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2300
https://notcve.org/view.php?id=CVE-2008-2300
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. Vulnerabilidad sin especificar en Citrix Presentation Server 4.5 y anteriores, Citrix Access Essentials 2.0 y anteriores y Citrix Desktop Server 1.0 permite a atacantes autentificados remotamente acceder a escritorios no autorizados mediante vectores de ataque desconocidos. • http://secunia.com/advisories/30271 http://support.citrix.com/article/CTX116941 http://www.securityfocus.com/bid/29232 http://www.securitytracker.com/id?1020027 http://www.vupen.com/english/advisories/2008/1530/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42439 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2299
https://notcve.org/view.php?id=CVE-2008-2299
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que los clientes usen configuraciones de encriptado más débiles que las configuradas por el administrador, lo que podría permitir a los atacantes evitar las restricciones previstas. • http://secunia.com/advisories/30271 http://support.citrix.com/article/CTX114893 http://www.securityfocus.com/bid/29233 http://www.securitytracker.com/id?1020026 http://www.vupen.com/english/advisories/2008/1531/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42444 • CWE-310: Cryptographic Issues •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 1CVE-2007-0444 – Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0444
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca print provider (cpprov.dll) en Citrix Presentation Server versión 4.0, MetaFrame Presentation Server versión 3.0 y MetaFrame XP versión 1.0 permite a los usuarios locales y a los atacantes remotos ejecutar código arbitrario por medio de argumentos largos a las funciones (1) EnumPrintersW y (2) OpenPrinter. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Citrix Presentation Server, Metaframe Presentation Server or MetaFrame XP. Authentication is not required to exploit this vulnerability. The specific flaw exists in a print provider installed by the Presentation Server. The cpprov.dll library doesn't properly handle certain invalid calls to the EnumPrintersW() and OpenPrinter() functions. • https://www.exploit-db.com/exploits/3204 http://osvdb.org/32958 http://secunia.com/advisories/23869 http://securitytracker.com/id?1017553 http://support.citrix.com/article/CTX111686 http://www.securityfocus.com/archive/1/458002/100/0/threaded http://www.securityfocus.com/bid/22217 http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c http://www.vupen.com/english/advisories/2007/0328 http://www.zerodayinitiative.com/advisories/ZDI-07-006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 48%CPEs: 4EXPL: 0CVE-2006-5861
https://notcve.org/view.php?id=CVE-2006-5861
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. El servicio (ImaSrv.exe) del Independent Management Architecture (IMA) en el Citrix MetaFrame XP 1.0 y 2.0, and Presentation Server 3.0 y 4.0, permite a atacantes remotos provocar una denegación de servicio (salida del servicio) mediante un paquete manipulado que provoca que el servicio acceda a una dirección de memoria sin mapear y dispare una excepción inmanejable. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441 http://secunia.com/advisories/22802 http://securitytracker.com/id?1017205 http://support.citrix.com/article/CTX111186 http://www.securityfocus.com/bid/20986 http://www.vupen.com/english/advisories/2006/4429 https://exchange.xforce.ibmcloud.com/vulnerabilities/30156 •