Vulnerabilities > Citrix > Netscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-02 | CVE-2013-3620 | Insufficiently Protected Credentials vulnerability in multiple products Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | 5.0 |
| 2020-01-02 | CVE-2013-3619 | Use of Hard-coded Credentials vulnerability in multiple products Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | 4.3 |
| 2018-02-01 | CVE-2018-6186 | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0 Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | 9.0 |
| 2016-02-17 | CVE-2016-2072 | 7PK - Security Features vulnerability in Citrix Netscaler The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 4.3 |
| 2016-02-17 | CVE-2016-2071 | Permissions, Privileges, and Access Controls vulnerability in Citrix Netscaler 10.5/10.5E/11.0 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | 10.0 |
| 2015-04-03 | CVE-2015-2841 | Improper Access Control vulnerability in Citrix Netscaler 10.5 Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | 5.0 |
| 2015-04-03 | CVE-2015-2840 | Cross-site Scripting vulnerability in Citrix Netscaler 10.5 Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | 4.3 |
| 2015-04-03 | CVE-2015-2839 | Cross-site Scripting vulnerability in Citrix Netscaler 10.5 The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 4.3 |
| 2015-04-03 | CVE-2015-2838 | Cross-Site Request Forgery (CSRF) vulnerability in Citrix Netscaler 10.5 Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 6.8 |
| 2007-11-30 | CVE-2007-6193 | Information Exposure vulnerability in Citrix Netscaler 8.0 The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | 5.0 |