113 matches found
[Full-disclosure] ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow
ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-038.html November 9, 2006 -- CVE ID: CVE-2006-5821 -- Affected Vendor: Citrix -- Affected Products: Citrix MetaFrame XP 1.0 Citrix MetaFrame XP 2.0 Citrix MetaFrame...
[NT] Citrix Presentation/MetaFrame Server Privilege Escalation
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Citrix Metaframe privilege escalation
Weak permissions for registry key allow user defined DLL to be attacjed to system level process...
CVE-2006-3779
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges...
CVE-2006-3779
CVE-2006-3779 affects Citrix MetaFrame up to XP 1.0 Feature 1 on Windows Server 2003. The issue is a registry key created with an insecure ACL, which allows remote authenticated users to gain privileges. The root cause is improper ACL protection on a registry entry, enabling elevation of privileg...
CVE-2006-3779
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges...
CVE-2005-3971
Cross-site scripting XSS vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2005-3971
CVE-2005-3971 affects Citrix MetaFrame Secure Access Manager 2.0–2.2 and NFuse Elite 1.0. It is a cross-site scripting (XSS) vulnerability in the login form that allows remote attackers to inject arbitrary web script or HTML via the username field. The connected sources document this vulnerabilit...
CVE-2005-3971
Cross-site scripting XSS vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2005-3134
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name ClientName...
CVE-2005-3134
CVE-2005-3134 affects Citrix Metaframe Presentation Server 3.0 and 4.0. The issue allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the ClientName, enabling partial impacts to confidentiality, integrity, and availability as per the CVSSv2 vector...
CVE-2005-3134
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name ClientName...
Citrix Metaframe Presentation Server protection bypass
Restrictions policy is based upon paramters controlled by client...
Citrix Metaframe Presentation Server bypassing policies
DESCRIPTION: ============ Vulnerability in Presentation Server allow to user bypass citrix policy which is applied to client name. SOFTWARE: Citrix Metaframe Presentation Server 3.0 / 4.0 ========= INFO: ===== Citrix Presentation Server policy is used for admins to restrict the user environment a...
CVE-2004-1902
CVE-2004-1902 affects Citrix MetaFrame Password Manager 2.0. When a central credential store is not configured, passwords entered immediately after the First Time User Wizards are not encrypted, allowing local users to access sensitive information. Impact: partial confidentiality loss for credent...
CVE-2004-1902
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information...
CVE-2003-1157
CVE-2003-1157 describes a cross-site scripting (XSS) vulnerability in the Citrix MetaFrame XP Server 1.0 Web Interface component, affecting the login.asp handling of the NFuse_Message parameter. Attackers can inject arbitrary web script or HTML via this parameter, potentially impacting users' bro...
CVE-2003-1157
Cross-site scripting XSS vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuseMessage parameter...
CVE-2005-0821
Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse...
CVE-2005-0822
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy...