CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8283
https://notcve.org/view.php?id=CVE-2020-8283
14 Dec 2020 — An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. Un usuario autorizado en un host de Windows que ejecuta Citrix Universal Print Server, puede llevar a cabo comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versiones 7.15 LTSR CU6 hotfix CTX285... • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8269
https://notcve.org/view.php?id=CVE-2020-8269
16 Nov 2020 — An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 Un usuario de Windows no privilegiado en el VDA puede llevar a cabo una ejecución de comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, versión 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versión 7.15 LTSR CU6 hotfix CTX285344 y versión 7.6 LTSR CU9 • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13998
https://notcve.org/view.php?id=CVE-2020-13998
11 Jun 2020 — Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer ** VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ ** Citrix XenApp versión 6.5, cuando 2FA está habilitado, permite a un atacante remoto no autenticado determinar si existe un usuario en el servidor, porque la página de e... • https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96 • CWE-203: Observable Discrepancy CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-6493
https://notcve.org/view.php?id=CVE-2016-6493
19 Aug 2016 — Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. Citrix XenApp 6.x en versiones anteriores a 6.5 HRP07 y 7.x en versiones anteriores a 7.9 y Citrix XenDesktop en versiones anteriores a 7.9 podría permitir a atacantes debilitar una mitigación de seguridad no especificada a través de vectores relacionados con permiso de memoria. • http://support.citrix.com/article/CTX215460 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-4810
https://notcve.org/view.php?id=CVE-2016-4810
01 Jun 2016 — Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. Citrix Studio en versiones anteriores a 7.6.1000, Citrix XenDesktop 7.x en versiones anteriores a 7.6 LTSR Cumulative Update 1 (CU1) y Citrix XenApp 7.5 y 7.6 permiten a atacantes establecer reglas Access Policy en el XenDesktop Delivery Controller a través de vectores no especif... • http://support.citrix.com/article/CTX213045 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2012-5161
https://notcve.org/view.php?id=CVE-2012-5161
26 Dec 2012 — The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. La interfaz del servicio XML de Citrix XenApp v6.5 y Feature Pack 1 v6.5 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/88368 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2009-2453
https://notcve.org/view.php?id=CVE-2009-2453
14 Jul 2009 — Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. Citrix XenApp (anteriormente Presentation Server) v4.5 Hotfix Rollup Pack 3 no aplica adecuadamente la política de accesos cuando es definida con los filtros Access Gateway Advanced Edition, lo cual permite a atacantes remotos evitar las restricciones previs... • http://osvdb.org/53900 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4676
https://notcve.org/view.php?id=CVE-2008-4676
22 Oct 2008 — Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. Vulnerabilidad no especificada en Citrix XenApp (formalmente Presentation Server) 4.5 Feature Pack 1 y versiones anteriores, Prese... • http://secunia.com/advisories/32017 • CWE-264: Permissions, Privileges, and Access Controls •