Filtered by vendor Citrix
Subscriptions
Total
427 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3757 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3758 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | N/A |
| SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3760 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | N/A |
| Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3936 | 1 Citrix | 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555. | ||||
| CVE-2008-0356 | 1 Citrix | 4 Access Essentials, Desktop Server, Metaframe Presentation Server and 1 more | 2025-04-09 | N/A |
| Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. | ||||
| CVE-2007-6477 | 1 Citrix | 1 Web Interface | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-4013 | 2 Citrix, Mozilla | 3 Access Gateway, Endpoint Analysis Client, Firefox | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. | ||||
| CVE-2007-3679 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. | ||||
| CVE-2019-19781 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2025-04-03 | 9.8 Critical |
| An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | ||||
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2025-04-03 | N/A |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | ||||
| CVE-2001-1192 | 1 Citrix | 1 Ica Client | 2025-04-03 | N/A |
| Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client. | ||||
| CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
| Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | ||||
| CVE-2006-3779 | 1 Citrix | 3 Metaframe, Metaframe Presentation Server, Presentation Server | 2025-04-03 | N/A |
| Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | ||||
| CVE-2001-0716 | 1 Citrix | 1 Metaframe | 2025-04-03 | N/A |
| Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. | ||||
| CVE-2000-0244 | 1 Citrix | 2 Metaframe, Winframe | 2025-04-03 | N/A |
| The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. | ||||
| CVE-2002-0301 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
| Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. | ||||
| CVE-2002-0502 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
| Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | ||||
| CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
| Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. | ||||
| CVE-2002-0504 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | ||||