Vulnerabilities > Citrix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-26 | CVE-2007-4017 | Remote vulnerability in Citrix Access Gateway 4.5 Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. | 7.6 |
| 2007-01-24 | CVE-2007-0444 | Buffer Errors vulnerability in Citrix Metaframe and Metaframe Presentation Server Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. | 7.2 |
| 2006-11-10 | CVE-2006-5821 | Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. | 7.5 |
| 2005-12-16 | CVE-2005-3652 | Buffer Overflow vulnerability in Citrix ICA Program Neighborhood Client 9.1 Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | 7.5 |
| 2005-05-02 | CVE-2005-0821 | Multiple vulnerability in Citrix MetaFrame Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | 7.5 |
| 2004-04-26 | CVE-2004-1078 | Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | 7.5 |
| 2002-08-12 | CVE-2002-0504 | Cross-Site Scripting vulnerability in Citrix Nfuse 1.5/1.51/1.6 Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | 7.5 |
| 2001-12-13 | CVE-2001-1192 | Unspecified vulnerability in Citrix ICA Client 6.1 Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client. | 7.5 |
| 2001-11-21 | CVE-2001-0908 | Unspecified vulnerability in Citrix Metaframe 1.8 CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. | 7.5 |