Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities found for metaframe_presentation_server by citrix
CVE-2008-3485 (GCVE-0-2008-3485)
Vulnerability from nvd – Published: 2008-08-06 17:05 – Updated: 2024-08-07 09:37
VLAI
Summary
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4110 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/30446 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/494952/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-07-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3485",
"datePublished": "2008-08-06T17:05:00.000Z",
"dateReserved": "2008-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:27.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2300 (GCVE-0-2008-2300)
Vulnerability from nvd – Published: 2008-05-18 14:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29232 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30271 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020027 | vdb-entryx_refsource_SECTRACK |
| http://support.citrix.com/article/CTX116941 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/1530… | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"name": "http://support.citrix.com/article/CTX116941",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2300",
"datePublished": "2008-05-18T14:00:00.000Z",
"dateReserved": "2008-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:00.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0356 (GCVE-0-2008-0356)
Vulnerability from nvd – Published: 2008-01-18 21:00 – Updated: 2024-08-07 07:39
VLAI
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/486585/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/28508 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0172 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/412228 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id?1019231 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/27329 | vdb-entryx_refsource_BID |
| http://zerodayinitiative.com/advisories/ZDI-08-002.html | x_refsource_MISC |
| http://support.citrix.com/article/CTX114487 | x_refsource_CONFIRM |
Date Public
2008-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"name": "http://support.citrix.com/article/CTX114487",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0356",
"datePublished": "2008-01-18T21:00:00.000Z",
"dateReserved": "2008-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3625 (GCVE-0-2007-3625)
Vulnerability from nvd – Published: 2007-07-09 16:00 – Updated: 2024-08-07 14:21
VLAI
Summary
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1018343 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/24790 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/25897 | third-party-advisoryx_refsource_SECUNIA |
| http://support.citrix.com/article/CTX113543 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2455 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/37839 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25897"
},
{
"name": "http://support.citrix.com/article/CTX113543",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"refsource": "OSVDB",
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3625",
"datePublished": "2007-07-09T16:00:00.000Z",
"dateReserved": "2007-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0444 (GCVE-0-2007-0444)
Vulnerability from nvd – Published: 2007-01-24 22:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23869 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22217 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/data/vulnerabilities… | x_refsource_MISC |
| http://support.citrix.com/article/CTX111686 | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-0… | x_refsource_MISC |
| http://securitytracker.com/id?1017553 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/32958 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0328 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/458002/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22217"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"name": "http://support.citrix.com/article/CTX111686",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111686"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"refsource": "OSVDB",
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0444",
"datePublished": "2007-01-24T22:00:00.000Z",
"dateReserved": "2007-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5861 (GCVE-0-2006-5861)
Vulnerability from nvd – Published: 2006-11-10 23:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1017205 | vdb-entryx_refsource_SECTRACK |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20986 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22802 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-imaserver-dos(30156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5861",
"datePublished": "2006-11-10T23:00:00.000Z",
"dateReserved": "2006-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5821 (GCVE-0-2006-5821)
Vulnerability from nvd – Published: 2006-11-10 23:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/451337/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.zerodayinitiative.com/advisories/ZDI-0… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1017205 | vdb-entryx_refsource_SECTRACK |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20986 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22802 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5821",
"datePublished": "2006-11-10T23:00:00.000Z",
"dateReserved": "2006-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3779 (GCVE-0-2006-3779)
Vulnerability from nvd – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://support.citrix.com/article/CTX110492 | x_refsource_CONFIRM |
| http://secunia.com/advisories/21076 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1016526 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2862 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/19056 | vdb-entryx_refsource_BID |
Date Public
2006-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX110492",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3779",
"datePublished": "2006-07-21T18:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2426 (GCVE-0-2002-2426)
Vulnerability from nvd – Published: 2007-11-20 00:00 – Updated: 2024-08-08 04:06
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1018962 | vdb-entryx_refsource_SECTRACK |
| http://packetstormsecurity.org/0210-exploits/hack… | x_refsource_MISC |
| http://support.citrix.com/article/CTX115245 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/3870 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/26451 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/27633 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gnucitizen.org/blog/citrix-owning-the-… | x_refsource_MISC |
Date Public
2002-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"name": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"name": "http://support.citrix.com/article/CTX115245",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27633"
},
{
"name": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2426",
"datePublished": "2007-11-20T00:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:53.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3485 (GCVE-0-2008-3485)
Vulnerability from cvelistv5 – Published: 2008-08-06 17:05 – Updated: 2024-08-07 09:37
VLAI
Summary
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4110 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/30446 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/494952/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-07-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3485",
"datePublished": "2008-08-06T17:05:00.000Z",
"dateReserved": "2008-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:27.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2300 (GCVE-0-2008-2300)
Vulnerability from cvelistv5 – Published: 2008-05-18 14:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29232 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30271 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020027 | vdb-entryx_refsource_SECTRACK |
| http://support.citrix.com/article/CTX116941 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/1530… | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:00.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020027"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29232"
},
{
"name": "30271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30271"
},
{
"name": "1020027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020027"
},
{
"name": "http://support.citrix.com/article/CTX116941",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116941"
},
{
"name": "ADV-2008-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1530/references"
},
{
"name": "citrix-presentationserver-unauth-access(42439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2300",
"datePublished": "2008-05-18T14:00:00.000Z",
"dateReserved": "2008-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:00.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0356 (GCVE-0-2008-0356)
Vulnerability from cvelistv5 – Published: 2008-01-18 21:00 – Updated: 2024-08-07 07:39
VLAI
Summary
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/486585/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/28508 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/0172 | vdb-entryx_refsource_VUPEN |
| http://www.kb.cert.org/vuls/id/412228 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id?1019231 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/27329 | vdb-entryx_refsource_BID |
| http://zerodayinitiative.com/advisories/ZDI-08-002.html | x_refsource_MISC |
| http://support.citrix.com/article/CTX114487 | x_refsource_CONFIRM |
Date Public
2008-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX114487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
},
{
"name": "28508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28508"
},
{
"name": "ADV-2008-0172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0172"
},
{
"name": "VU#412228",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/412228"
},
{
"name": "1019231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"name": "http://support.citrix.com/article/CTX114487",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0356",
"datePublished": "2008-01-18T21:00:00.000Z",
"dateReserved": "2008-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2426 (GCVE-0-2002-2426)
Vulnerability from cvelistv5 – Published: 2007-11-20 00:00 – Updated: 2024-08-08 04:06
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1018962 | vdb-entryx_refsource_SECTRACK |
| http://packetstormsecurity.org/0210-exploits/hack… | x_refsource_MISC |
| http://support.citrix.com/article/CTX115245 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/3870 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/26451 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/27633 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gnucitizen.org/blog/citrix-owning-the-… | x_refsource_MISC |
Date Public
2002-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:53.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018962"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018962"
},
{
"name": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0210-exploits/hackingcitrix.txt"
},
{
"name": "http://support.citrix.com/article/CTX115245",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX115245"
},
{
"name": "ADV-2007-3870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3870"
},
{
"name": "26451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26451"
},
{
"name": "27633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27633"
},
{
"name": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2426",
"datePublished": "2007-11-20T00:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:06:53.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3625 (GCVE-0-2007-3625)
Vulnerability from cvelistv5 – Published: 2007-07-09 16:00 – Updated: 2024-08-07 14:21
VLAI
Summary
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1018343 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/24790 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/25897 | third-party-advisoryx_refsource_SECUNIA |
| http://support.citrix.com/article/CTX113543 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2455 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/37839 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018343"
},
{
"name": "24790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24790"
},
{
"name": "25897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25897"
},
{
"name": "http://support.citrix.com/article/CTX113543",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX113543"
},
{
"name": "ADV-2007-2455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2455"
},
{
"name": "37839",
"refsource": "OSVDB",
"url": "http://osvdb.org/37839"
},
{
"name": "citrix-content-redirection-dos(35283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3625",
"datePublished": "2007-07-09T16:00:00.000Z",
"dateReserved": "2007-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:21:36.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0444 (GCVE-0-2007-0444)
Vulnerability from cvelistv5 – Published: 2007-01-24 22:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23869 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22217 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/data/vulnerabilities… | x_refsource_MISC |
| http://support.citrix.com/article/CTX111686 | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-0… | x_refsource_MISC |
| http://securitytracker.com/id?1017553 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/32958 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0328 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/458002/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23869",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111686"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23869"
},
{
"name": "22217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22217"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c"
},
{
"name": "http://support.citrix.com/article/CTX111686",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111686"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-006.html"
},
{
"name": "1017553",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017553"
},
{
"name": "32958",
"refsource": "OSVDB",
"url": "http://osvdb.org/32958"
},
{
"name": "ADV-2007-0328",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0328"
},
{
"name": "20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458002/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0444",
"datePublished": "2007-01-24T22:00:00.000Z",
"dateReserved": "2007-01-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5861 (GCVE-0-2006-5861)
Vulnerability from cvelistv5 – Published: 2006-11-10 23:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1017205 | vdb-entryx_refsource_SECTRACK |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20986 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22802 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citrix-imaserver-dos(30156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-imaserver-dos(30156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30156"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "20061109 Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=441"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5861",
"datePublished": "2006-11-10T23:00:00.000Z",
"dateReserved": "2006-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5821 (GCVE-0-2006-5821)
Vulnerability from cvelistv5 – Published: 2006-11-10 23:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/451337/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.zerodayinitiative.com/advisories/ZDI-0… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1017205 | vdb-entryx_refsource_SECTRACK |
| http://support.citrix.com/article/CTX111186 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20986 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22802 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4429 | vdb-entryx_refsource_VUPEN |
Date Public
2006-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061109 ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451337/100/100/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-038.html"
},
{
"name": "citrix-ima-management-bo(30148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30148"
},
{
"name": "1017205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017205"
},
{
"name": "http://support.citrix.com/article/CTX111186",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX111186"
},
{
"name": "20986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20986"
},
{
"name": "22802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22802"
},
{
"name": "ADV-2006-4429",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5821",
"datePublished": "2006-11-10T23:00:00.000Z",
"dateReserved": "2006-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3779 (GCVE-0-2006-3779)
Vulnerability from cvelistv5 – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://support.citrix.com/article/CTX110492 | x_refsource_CONFIRM |
| http://secunia.com/advisories/21076 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1016526 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/2862 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/19056 | vdb-entryx_refsource_BID |
Date Public
2006-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19056"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX110492",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX110492"
},
{
"name": "21076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21076"
},
{
"name": "1016526",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016526"
},
{
"name": "ADV-2006-2862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2862"
},
{
"name": "19056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19056"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3779",
"datePublished": "2006-07-21T18:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}