Vulnerabilities > Citrix > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-11-10 | CVE-2006-5861 | Denial-Of-Service vulnerability in Citrix Metaframe and Metaframe Presentation Server The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. | 5.0 |
| 2006-09-19 | CVE-2006-4846 | Authentication Bypass vulnerability in Citrix Access Gateway 4.2 Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | 5.1 |
| 2006-07-24 | CVE-2006-3779 | Privilege Escalation vulnerability in Citrix products Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | 6.5 |
| 2005-12-03 | CVE-2005-3971 | Applications Login Form Cross-Site Scripting vulnerability in Citrix Metaframe Secure Access Manager and Nfuse Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. network citrix | 4.3 |
| 2004-04-26 | CVE-2004-1077 | Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive. | 5.0 |
| 2003-12-31 | CVE-2003-1157 | Cross-Site Scripting vulnerability in Citrix Metaframe 1.0 Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. network citrix | 4.3 |
| 2002-12-31 | CVE-2002-2426 | Cross-Site Request Forgery (CSRF) vulnerability in Citrix products Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. | 4.3 |
| 2002-08-12 | CVE-2002-0503 | Unspecified vulnerability in Citrix Nfuse 1.5 Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. | 5.0 |
| 2002-08-12 | CVE-2002-0502 | Unspecified vulnerability in Citrix Nfuse 1.6 Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | 5.0 |
| 2002-05-31 | CVE-2002-0301 | Information Disclosure vulnerability in Citrix Nfuse 1.6 Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. | 5.0 |