Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-10 | CVE-2006-5821 | Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. | 7.5 |
| 2006-09-19 | CVE-2006-4846 | Authentication Bypass vulnerability in Citrix Access Gateway 4.2 Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | 5.1 |
| 2006-07-24 | CVE-2006-3779 | Privilege Escalation vulnerability in Citrix products Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | 6.5 |
| 2005-12-20 | CVE-2005-4412 | Local Security vulnerability in Citrix Program Neighborhood Client 9.1 Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. | 2.1 |
| 2005-12-16 | CVE-2005-3652 | Buffer Overflow vulnerability in Citrix ICA Program Neighborhood Client 9.1 Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | 7.5 |
| 2005-12-03 | CVE-2005-3971 | Applications Login Form Cross-Site Scripting vulnerability in Citrix Metaframe Secure Access Manager and Nfuse Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. network citrix | 4.3 |
| 2005-05-02 | CVE-2005-0822 | Information Disclosure vulnerability in Citrix Metaframe Password Manager 2.5 Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. | 2.1 |
| 2005-05-02 | CVE-2005-0821 | Multiple vulnerability in Citrix MetaFrame Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | 7.5 |
| 2004-12-31 | CVE-2004-1902 | Unspecified vulnerability in Citrix Metaframe Password Manager 2.0 The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | 2.1 |
| 2004-04-26 | CVE-2004-1078 | Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | 7.5 |