Search Results (452 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6037 1 Citrix 1 Netscaler 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
CVE-2009-3936 1 Citrix 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone 2026-04-23 N/A
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
CVE-2009-2453 1 Citrix 2 Presentation Server, Xenapp 2026-04-23 N/A
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
CVE-2009-2213 1 Citrix 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware 2026-04-23 6.5 Medium
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVE-2009-3758 1 Citrix 1 Xencenterweb 2026-04-23 N/A
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-3485 1 Citrix 2 Metaframe Presentation Server, Xp 2026-04-23 N/A
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
CVE-2009-2452 1 Citrix 1 Licensing 2026-04-23 N/A
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."
CVE-2008-5882 2 Avaya, Citrix 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more 2026-04-23 N/A
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
CVE-2007-6192 1 Citrix 1 Netscaler 2026-04-23 N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
CVE-2008-5716 1 Citrix 1 Xen 2026-04-23 N/A
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
CVE-2007-3625 1 Citrix 1 Metaframe Presentation Server 2026-04-23 N/A
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
CVE-2009-3757 1 Citrix 1 Xencenterweb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information.
CVE-2006-5821 1 Citrix 2 Metaframe, Metaframe Presentation Server 2026-04-23 N/A
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
CVE-2007-6267 1 Citrix 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server 2026-04-23 N/A
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
CVE-2009-2454 1 Citrix 1 Web Interface 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6477 1 Citrix 1 Web Interface 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4018 1 Citrix 1 Access Gateway 2026-04-23 N/A
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
CVE-2007-0444 1 Citrix 2 Metaframe, Metaframe Presentation Server 2026-04-23 N/A
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
CVE-2006-6573 1 Citrix 1 Access Gateway 2026-04-23 N/A
Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors.
CVE-2008-6561 2 Citrix, Microsoft 2 Presentation Server Client, Windows 2026-04-23 N/A
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.