Vulnerabilities > Citrix
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-13 | CVE-2009-3936 | Cryptographic Issues vulnerability in Citrix products Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555. | 5.8 |
2009-10-22 | CVE-2009-3760 | Code Injection vulnerability in Citrix Xencenterweb Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. | 7.5 |
2009-10-22 | CVE-2009-3759 | Cross-Site Request Forgery (CSRF) vulnerability in Citrix Xencenterweb Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. | 8.8 |
2009-10-22 | CVE-2009-3758 | SQL Injection vulnerability in Citrix Xencenterweb SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2009-10-22 | CVE-2009-3757 | Cross-Site Scripting vulnerability in Citrix Xencenterweb Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. | 4.3 |
2009-07-14 | CVE-2009-2454 | Cross-Site Scripting vulnerability in Citrix web Interface 4.6/5.0/5.0.1 Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-07-14 | CVE-2009-2453 | Permissions, Privileges, and Access Controls vulnerability in Citrix Presentation Server and Xenapp Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors. | 7.5 |
2009-07-14 | CVE-2009-2452 | Security vulnerability in Citrix Licensing 11.5 Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console." | 10.0 |
2009-06-25 | CVE-2009-2214 | Resource Management Errors vulnerability in Citrix Secure Gateway 3.0 The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | 5.0 |
2009-06-25 | CVE-2009-2213 | Incorrect Authorization vulnerability in Citrix products The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | 6.5 |