113 matches found
Citrix Program Neighborhood Agent Arbitrary Shortcut Creation (CVE-2004-1077)
Citrix Presentation Server, formally known as Citrix MetaFrame, is designed for central application deployment. This package allows applications to be deployed and managed by a farm of dedicated servers and allow client machines to access these applications remotely. There exists an arbitrary...
Citrix MetaFrame IMA Authentication Processing Buffer Overflow (CVE-2006-5821)
The Citrix MetaFrame products are remote access and application publishing products built on Citrix' Independent Computing Architecture ICA. The products allow for access and control of the remote hosts as well as deploying applications. There exists a buffer overflow vulnerability in Citrix...
Citrix Systems Multiple Products IMA Service Buffer Overflow (CVE-2008-0356)
The Citrix MetaFrame products are remote access and application publishing products built on Citrix' Independent Computing Architecture ICA. The products allow for access and control of the remote hosts as well as deploying applications. There exists a buffer overflow vulnerability in Independent...
Citrix Presentation Server IMA Invalid Event Data Length Denial of Service (CVE-2006-5861)
The Citrix MetaFrame products are remote access and application publishing products built on Citrix' Independent Computing Architecture ICA. The products allow for access and control of the remote hosts as well as deploying applications. There exists a memory access violation vulnerability in...
Citrix MetaFrame ICA Published Applications Bruteforcer
This module attempts to brute force program names within the Citrix Metaframe ICA server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix MetaFrame ICA Published Applications Bruteforcer...
Design/Logic Flaw
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path...
CVE-2008-3485
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path...
CVE-2008-3485
Technical details about CVE-2008-3485 are not publicly available in the provided documents. Monitor for updates from CVE/NVD entries or vendor advisories.
CVE-2008-3485
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path...
Citrix MetaFrame Privilege Escalation
INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY http://www.intruders.com.br/ http://www.security.org.br/ ADVISORY/1907 - Citrix MetaFrame Privilege Escalation PRIORITY: Low I - INTRUDERS: ---------------- Intruders Tiger Team Security http://www.intruders.com.br/ is a SecurityLabs...
Citrix Metaframe Privilege escalation
Autorun item path is not fully specified...
Citrix Presentation Server 'icabar.exe'本地特权提升漏洞
BUGTRAQ ID: 30446 CNCAN ID:CNCAN-2008073109 Citrix Presentation Server允许用户通过网络远程访问应用程序。 Citrix Presentation Server icabar.exe文件存在错误,本地攻击者可以利用漏洞提升特权。 icabar.exe文件设计用于启动Citrix MetaFrame管理工具条,允许攻击者在windows 2000或者以下版本的系统中,在默认配置情况下提升特权。在部分环境下的windows 2003也可能利用。...
metaframe-xss.txt
Citrix MetaFrame remote xss Author: handrix Contact: handrixatmorxdotorg Vulnerability: Cross Site Scripting Severity: Medium/High MorX security research team www.morx.org The Citrix MetaFrame web manager are vulnerable to XSS attack. XSS Vector :...
Citrix Metaframe Web Manager - login.asp Cross-Site Scripting
Citrix Metaframe Web Manager - login.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/27948/info Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execut...
Citrix Metaframe Web Manager - 'login.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27948/info Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
DSquare Exploit Pack: D2SEC_IMASRV
Name| d2secimasrv ---|--- CVE| CVE-2008-0356 Exploit Pack| D2ExploitPack Description| Citrix Metaframe Presentation Server 4.0 IMA Service Heap Overflow Notes|...
CVE-2002-2426
Cross-site request forgery CSRF vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the...
CVE-2002-2426
The CVE-2002-2426 entry describes a CSRF vulnerability in Citrix Presentation Server 4.0/4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0–2.0. The issue arises from the InitialProgram key in an ICA connection, allowing remote attackers to run published applications (and possibly ...
Citrix Presentation Server远程未授权代码执行漏洞
Citrix Presentation Server是一款集中部署应用和提供按需接入的解决方案。 Citrix Presentation Server存在一个设计问题,远程攻击者可以利用漏洞以授权用户上下文执行任意未授权代码。 如果授权用户被诱使调用ICA连接到Citrix Presentation Server,它可能被攻击者利用并以授权用户上下文执行未授权代码。 ICA连接可通过起用.ica文件或使用ICA客户端插件来调用,因此攻击者构建恶意的.ICA文件,诱使用户打开,可导致任意代码未授权执行。 测试方法 Citrix Presentation Server 4.0 Citrix...
CVE-2007-2850
The CVE-2007-2850 vulnerability affects Citrix Session Reliability Service (XTE) in MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0/1.5. The issue allows remote attackers to bypass network security policies and connect to arbitrary TCP ports by sending a modi...