Vulnerabilites related to citrix - metaframe_presentation_server
cve-2006-5821
Vulnerability from cvelistv5
Published
2006-11-10 23:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/451337/100/100/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-038.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30148 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1017205 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/20986 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/22802 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5821",
"datePublished": "2006-11-10T23:00:00",
"dateReserved": "2006-11-08T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5861
Vulnerability from cvelistv5
Published
2006-11-10 23:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30156 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1017205 | vdb-entry, x_refsource_SECTRACK | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441 | third-party-advisory, x_refsource_IDEFENSE | |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/20986 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/22802 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-imaserver-dos(30156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5861",
"datePublished": "2006-11-10T23:00:00",
"dateReserved": "2006-11-10T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3625
Vulnerability from cvelistv5
Published
2007-07-09 16:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018343 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/24790 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/25897 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.citrix.com/article/CTX113543 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/2455 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/37839 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35283 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25897"
},
{
"name": "http://support.citrix.com/article/CTX113543",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"refsource": "OSVDB",
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3625",
"datePublished": "2007-07-09T16:00:00",
"dateReserved": "2007-07-09T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2300
Vulnerability from cvelistv5
Published
2008-05-18 14:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/29232 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/30271 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1020027 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX116941 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/1530/references | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42439 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"name": "http://support.citrix.com/article/CTX116941",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2300",
"datePublished": "2008-05-18T14:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:00.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3779
Vulnerability from cvelistv5
Published
2006-07-21 18:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.citrix.com/article/CTX110492 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/21076 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016526 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/2862 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/19056 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX110492",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3779",
"datePublished": "2006-07-21T18:00:00",
"dateReserved": "2006-07-21T00:00:00",
"dateUpdated": "2024-08-07T18:39:54.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3485
Vulnerability from cvelistv5
Published
2008-08-06 17:05
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44490 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/4110 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/30446 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/494952/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3485",
"datePublished": "2008-08-06T17:05:00",
"dateReserved": "2008-08-06T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2426
Vulnerability from cvelistv5
Published
2007-11-20 00:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018962 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt | x_refsource_MISC | |
| http://support.citrix.com/article/CTX115245 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/3870 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/26451 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27633 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"name": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"name": "http://support.citrix.com/article/CTX115245",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27633"
},
{
"name": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2426",
"datePublished": "2007-11-20T00:00:00",
"dateReserved": "2007-11-19T00:00:00",
"dateUpdated": "2024-08-08T04:06:53.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0356
Vulnerability from cvelistv5
Published
2008-01-18 21:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/486585/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28508 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0172 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/412228 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1019231 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/27329 | vdb-entry, x_refsource_BID | |
| http://zerodayinitiative.com/advisories/ZDI-08-002.html | x_refsource_MISC | |
| http://support.citrix.com/article/CTX114487 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"name": "http://support.citrix.com/article/CTX114487",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0356",
"datePublished": "2008-01-18T21:00:00",
"dateReserved": "2008-01-18T00:00:00",
"dateUpdated": "2024-08-07T07:39:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0444
Vulnerability from cvelistv5
Published
2007-01-24 22:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23869 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/22217 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c | x_refsource_MISC | |
| http://support.citrix.com/article/CTX111686 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-006.html | x_refsource_MISC | |
| http://securitytracker.com/id?1017553 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/32958 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/0328 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/458002/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22217"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"name": "http://support.citrix.com/article/CTX111686",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111686"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"refsource": "OSVDB",
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0444",
"datePublished": "2007-01-24T22:00:00",
"dateReserved": "2007-01-23T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2006-11-10 23:07
Modified
2024-11-21 00:20
Severity ?
Summary
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe | 1.0 | |
| citrix | metaframe | 2.0 | |
| citrix | metaframe_presentation_server | 3.0 | |
| citrix | metaframe_presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe:1.0:*:xp:*:*:*:*:*",
"matchCriteriaId": "7E71FB3C-D642-4736-B19A-DE3CE38FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:2.0:*:xp:*:*:*:*:*",
"matchCriteriaId": "B507DCB9-E714-4D02-9C94-69C86DB952BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E406CDDF-A2F6-42EC-B4EF-93258F21C08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15137D61-8E46-4F46-B475-098429A79484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
},
{
"lang": "es",
"value": "El servicio (ImaSrv.exe) del Independent Management Architecture (IMA) en el Citrix MetaFrame XP 1.0 y 2.0, and Presentation Server 3.0 y 4.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (salida del servicio) mediante un paquete manipulado que provoca que el servicio acceda a una direcci\u00f3n de memoria sin mapear y dispare una excepci\u00f3n inmanejable."
}
],
"id": "CVE-2006-5861",
"lastModified": "2024-11-21T00:20:51.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-10T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22802"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017205"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4429"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-18 14:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | * | |
| citrix | access_essentials | 1.0 | |
| citrix | access_essentials | 1.5 | |
| citrix | citrix_presentation_server | * | |
| citrix | desktop_server | 1.0 | |
| citrix | metaframe_presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96365CE2-22BF-408E-939F-22FFABF63061",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:citrix_presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A571EDD-12ED-4398-8AED-5916A4580294",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15137D61-8E46-4F46-B475-098429A79484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Citrix Presentation Server 4.5 y anteriores, Citrix Access Essentials 2.0 y anteriores y Citrix Desktop Server 1.0 permite a atacantes autentificados remotamente acceder a escritorios no autorizados mediante vectores de ataque desconocidos."
}
],
"id": "CVE-2008-2300",
"lastModified": "2024-11-21T00:46:33.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-18T14:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-10 23:07
Modified
2024-11-21 00:20
Severity ?
Summary
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe | 1.0 | |
| citrix | metaframe | 3.0 | |
| citrix | metaframe_presentation_server | 4.0 | |
| citrix | metaframe_presentation_server | 4.0 | |
| citrix | metaframe_presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe:1.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "A77E8839-8E33-45E8-B491-C5733C8AB884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:3.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "0C88F86F-F07D-4C17-B5D5-EC8F1A69A65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "E0A76F02-1EB3-4925-B241-91331EAFDDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "9565EB76-11A0-415F-943A-E9870F5F37D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:microsoft_windows_2003:*:*:*:*:*",
"matchCriteriaId": "A015864E-AF0C-49CA-8961-9CAA830DAE8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
},
{
"lang": "es",
"value": "Desbordamiento del b\u00fafer basado en mont\u00f3n en la funci\u00f3n IMA_SECURE_DecryptData1 en la ImaSystem.dll para el Citrix MetaFrame XP 1.0 y 2.0, y Presentation Server 3.0 y 4.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n en el Independent Management Architecture (IMA) al servicio (ImaSrv.exe) con tama\u00f1os de valores no v\u00e1lidos que disparen el desbordamiento durante la desencriptaci\u00f3n."
}
],
"id": "CVE-2006-5821",
"lastModified": "2024-11-21T00:20:41.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-10T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22802"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017205"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4429"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-07-24 12:19
Modified
2024-11-21 00:14
Severity ?
Summary
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe | 1.8 | |
| citrix | metaframe | 1.8 | |
| citrix | metaframe_presentation_server | 3.0 | |
| citrix | presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe:1.8:*:microsoft_nt_4.0_server_terminal_server:*:*:*:*:*",
"matchCriteriaId": "73DDD50B-3671-4299-84A2-C34D591BBB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe:1.8:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "1D249D93-F64E-4461-8CD4-B8B4B5163865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "56AD6C25-A646-4595-98DB-C5DEB1DCB024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:microsoft_windows_2000:*:*:*:*:*",
"matchCriteriaId": "ED0D3B9B-29A6-48C4-9D09-F4B1BCD180FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
},
{
"lang": "es",
"value": "Citrix MetaFrame para XP 1.0 caracter\u00edstica 1, excepto cuando funciona sobre Windows Server 2003, instala una llave de registro con un ACL no seguro, lo cual permite a usuarios remotos validos ganar privilegios."
}
],
"id": "CVE-2006-3779",
"lastModified": "2024-11-21T00:14:24.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-24T12:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21076"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016526"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19056"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/19056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2862"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-24 22:28
Modified
2024-11-21 00:25
Severity ?
Summary
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe | 1.0 | |
| citrix | metaframe_presentation_server | 3.0 | |
| citrix | metaframe_presentation_server | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe:1.0:*:xp:*:*:*:*:*",
"matchCriteriaId": "7E71FB3C-D642-4736-B19A-DE3CE38FC2FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E406CDDF-A2F6-42EC-B4EF-93258F21C08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15137D61-8E46-4F46-B475-098429A79484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la biblioteca print provider (cpprov.dll) en Citrix Presentation Server versi\u00f3n 4.0, MetaFrame Presentation Server versi\u00f3n 3.0 y MetaFrame XP versi\u00f3n 1.0 permite a los usuarios locales y a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de argumentos largos a las funciones (1) EnumPrintersW y (2) OpenPrinter."
}
],
"id": "CVE-2007-0444",
"lastModified": "2024-11-21T00:25:52.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-24T22:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32958"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23869"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017553"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22217"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-09 16:30
Modified
2024-11-21 00:33
Severity ?
Summary
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe_presentation_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:*:*:32-bit_windows:*:*:*:*:*",
"matchCriteriaId": "AD7B3D18-D7F1-4E4E-97CA-70B8895C4D04",
"versionEndIncluding": "10.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
},
{
"lang": "es",
"value": "The Program Neighborhood Agent en Citrix Presentation Server Clients para 32-bit Windows anterior a 10.100 permite a atacantes remotos provocar denegaci\u00f3n de servicio (salida del agente) a trav\u00e9s de ciertas respuestas que utilizan la redirecci\u00f3n de contenido y un nombre de ruta largo."
}
],
"id": "CVE-2007-3625",
"lastModified": "2024-11-21T00:33:41.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-09T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37839"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25897"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24790"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018343"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-18 22:00
Modified
2024-11-21 00:41
Severity ?
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | * | |
| citrix | desktop_server | 1.0 | |
| citrix | metaframe_presentation_server | * | |
| citrix | presentation_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96365CE2-22BF-408E-939F-22FFABF63061",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08AEEC3F-E8DD-4535-98D2-4CFD83439A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B612D535-0FED-49B5-85B7-7B33CC1EF320",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B22EE40-B6D5-4A1D-B6F5-48E14FB189AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio Independent Management Architecture (IMA) de Citrix Presentation Server (MetaFrame Presentation Server) 4.5 y versiones anteriores, Access Essentials 2.0 y versiones anteriores, y Desktop Server 1.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un valor de tama\u00f1o inv\u00e1lido en un paquete al puerto TCP 2512 \u00f3 2513."
}
],
"id": "CVE-2008-0356",
"lastModified": "2024-11-21T00:41:49.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-18T22:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114487"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.citrix.com/article/CTX114487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | access_essentials | 1.0 | |
| citrix | access_essentials | 1.5 | |
| citrix | access_essentials | 2.0 | |
| citrix | metaframe_presentation_server | 3.0 | |
| citrix | presentation_server | 4.0 | |
| citrix | presentation_server | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF9F197-991D-4920-BE9A-2E3495E76CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21B89150-1806-481D-B0D9-FD37BA4798D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:access_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D04505CA-D715-4094-9B39-61FA8BDB3A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E406CDDF-A2F6-42EC-B4EF-93258F21C08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "967F31B0-0299-4BCE-91E5-45E2B38CFCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD859173-2ACD-4C60-8EF4-5B0434EA8244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"id": "CVE-2002-2426",
"lastModified": "2024-11-20T23:43:39.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27633"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"source": "cve@mitre.org",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-06 17:41
Modified
2024-11-21 00:49
Severity ?
Summary
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | metaframe_presentation_server | * | |
| citrix | xp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:metaframe_presentation_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C699349-4874-4DBE-BF58-BD41058F00F7",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00BAE3AC-0D2A-4C4B-8BAF-6FB2D6177FB4",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Citrix MetaFrame Presentation Server permite a usuarios locales conseguir privilegios a trav\u00e9s de un icabar.exe malicioso colocado en una ruta de b\u00fasqueda."
}
],
"id": "CVE-2008-3485",
"lastModified": "2024-11-21T00:49:21.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-06T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4110"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}