Vulnerabilities > Citrix

DATE CVE VULNERABILITY TITLE RISK
2009-06-08 CVE-2008-6830 Unspecified vulnerability in Citrix Web Interface 5.0/5.0.1
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session.
network
high complexity
citrix
4.0
2009-03-31 CVE-2008-6561 Information Exposure vulnerability in Citrix Presentation Server Client 10.200
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
1.9
2009-01-09 CVE-2008-5882 SQL Injection vulnerability in multiple products
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
network
low complexity
citrix avaya CWE-89
7.5
2008-12-24 CVE-2008-5716 Permissions, Privileges, and Access Controls vulnerability in Citrix Xen 3.3.0
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid.
local
low complexity
citrix CWE-264
7.2
2008-11-18 CVE-2008-5121 Permissions, Privileges, and Access Controls vulnerability in Citrix Deterministic Network Enhancer 2.21.7.223/3.21.7.17464
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
local
low complexity
citrix bluecoat cisco safenet CWE-264
7.2
2008-11-17 CVE-2008-5107 Information Exposure vulnerability in Citrix Desktop Server and Presentation Server
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
local
citrix CWE-200
1.9
2008-10-22 CVE-2008-4676 Permissions, Privileges, and Access Controls vulnerability in Citrix Access Essentials, Presentation Server and XenApp
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file.
local
low complexity
citrix CWE-264
6.8
2008-10-03 CVE-2008-4405 Permissions, Privileges, and Access Controls vulnerability in Citrix Xen 3.0.3
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid.
local
low complexity
citrix CWE-264
7.2
2008-08-06 CVE-2008-3485 Permissions, Privileges, and Access Controls vulnerability in Citrix MetaFrame Presentation Server and XP
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
local
low complexity
citrix CWE-264
7.2
2008-07-22 CVE-2008-3253 Cross-Site Scripting vulnerability in Citrix XenServer 4.1.0
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3