CVE-2009-2453
https://notcve.org/view.php?id=CVE-2009-2453
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. Citrix XenApp (anteriormente Presentation Server) v4.5 Hotfix Rollup Pack 3 no aplica adecuadamente la política de accesos cuando es definida con los filtros Access Gateway Advanced Edition, lo cual permite a atacantes remotos evitar las restricciones previstas a través de vectores desconocidos. • http://osvdb.org/53900 http://secunia.com/advisories/34865 http://support.citrix.com/article/CTX118792 http://www.securityfocus.com/bid/34691 http://www.securitytracker.com/id?1022114 http://www.vupen.com/english/advisories/2009/1154 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5107
https://notcve.org/view.php?id=CVE-2008-5107
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. El proceso de instalación para Citrix Presentation Server 4.5 y Desktop Server 1.0, cuando MSI logging está habilitado, almacena las credenciales de la base de datos en archivos de log MSI, lo que permite a usuarios locales obtener estas credenciales leyendo los archivos de log. • http://support.citrix.com/article/CTX116228 http://www.securityfocus.com/bid/28047 http://www.vupen.com/english/advisories/2008/0705/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4676
https://notcve.org/view.php?id=CVE-2008-4676
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Presentation Server 4.0, y Access Essentials 1.0, 1.5, y 2.0 permite a los usuarios locales obtener privilegios a través de vectores de ataque desconocidos relativos a la creación de un archivo no especificado. NOTA: esto debería de ser el mismo asunto que CVE-2008-3485, pero el anuncio del vendedor es tan impreciso como para ser cierto. • http://secunia.com/advisories/32017 http://support.citrix.com/article/CTX116310 http://www.securityfocus.com/bid/31484 http://www.securitytracker.com/id?1020954 http://www.vupen.com/english/advisories/2008/2702 https://exchange.xforce.ibmcloud.com/vulnerabilities/45507 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2299
https://notcve.org/view.php?id=CVE-2008-2299
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. Vulnerabilidad no especificada en SecureICA e ICA Basic encryption de Citrix Presentation Server 4.5 y anteriores, Access Essentials 2.0 y anteriores y Desktop Server 1.0 puede provocar que los clientes usen configuraciones de encriptado más débiles que las configuradas por el administrador, lo que podría permitir a los atacantes evitar las restricciones previstas. • http://secunia.com/advisories/30271 http://support.citrix.com/article/CTX114893 http://www.securityfocus.com/bid/29233 http://www.securitytracker.com/id?1020026 http://www.vupen.com/english/advisories/2008/1531/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42444 • CWE-310: Cryptographic Issues •
CVE-2007-6267
https://notcve.org/view.php?id=CVE-2007-6267
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. Vulnerabilidad en Citrix EdgeSight 4.2 y 4.5 para Presentation Server, EdgeSight 4.2 y 4.5 para Endpoints, y EdgeSight para NetScaler 1.0 y 1.1 . No guardan correctamente los credenciales de la base de datos en archivos de configuración, lo que permite que un usuario local pueda obtener información sensible. • http://secunia.com/advisories/27935 http://support.citrix.com/article/CTX115281 http://www.securityfocus.com/bid/26705 http://www.securitytracker.com/id?1019050 http://www.vupen.com/english/advisories/2007/4091 https://exchange.xforce.ibmcloud.com/vulnerabilities/38861 • CWE-255: Credentials Management Errors •