EUVD-2008-2297

Malware in sbrugna...

Design/Logic Flaw

Unspecified vulnerability in Citrix XenApp formerly Presentation Server 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be th...

CVE-2008-4676

Summary: CVE-2008-4676 describes an unspecified local privilege-escalation vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0. The issue is triggered by unknown attack vectors related to cr...

CVE-2008-2300

Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors...

Design/Logic Flaw

Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass...

CVE-2008-2300

Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors...

CVE-2008-2300

CVE-2008-2300 affects Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0. The vulnerability allows remote authenticated users to access unauthorized desktops via unknown attack vectors. The connected documents do not provide concret...

CVE-2002-2426

Cross-site request forgery CSRF vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the...

CVE-2002-2426

The CVE-2002-2426 entry describes a CSRF vulnerability in Citrix Presentation Server 4.0/4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0–2.0. The issue arises from the InitialProgram key in an ICA connection, allowing remote attackers to run published applications (and possibly ...

Citrix Presentation Server远程未授权代码执行漏洞

Citrix Presentation Server是一款集中部署应用和提供按需接入的解决方案。 Citrix Presentation Server存在一个设计问题，远程攻击者可以利用漏洞以授权用户上下文执行任意未授权代码。 如果授权用户被诱使调用ICA连接到Citrix Presentation Server，它可能被攻击者利用并以授权用户上下文执行未授权代码。 ICA连接可通过起用.ica文件或使用ICA客户端插件来调用，因此攻击者构建恶意的.ICA文件，诱使用户打开，可导致任意代码未授权执行。 测试方法 Citrix Presentation Server 4.0 Citrix...