14 matches found
CVE-2011-2882
CVE-2011-2882 pertains to a stack-based buffer overflow in the Citrix Access Gateway Plug-in for Windows ActiveX control (nsepa.ocx). Affected plug-in versions: 8.1-67.7, 9.0-70.5, and 9.1-96.4. The vulnerability occurs when processing certain HTTP header data, allowing remote code execution in t...
CVE-2010-4566
The CVE affects Citrix Access Gateway where the web authentication form in NT4 authentication (Enterprise Edition 9.2-49.8 and earlier) and the NTLM component in Standard/Advanced editions before 5.0 allows attackers to inject shell metacharacters in the password field to execute arbitrary comman...
CVE-2007-4013
CVE-2007-4013 covers multiple unspecified vulnerabilities in Net6Helper.DLL (Net6Launcher Class, 4.5.2 and earlier) and in npCtxCAO.dll (Citrix Endpoint Analysis Client) in a Firefox plugin directory, plus a second npCtxCAO.dll (CAAOControl Object) in Citrix Access Gateway Standard Edition before...
CVE-2011-2883
CVE-2011-2883 affects Citrix Access Gateway Enterprise Edition’s NSEPA.NsepaCtrl.1 ActiveX control (nsepa.ocx) in 8.1<8.1-67.7, 9.0<9.0-70.5, 9.1
CVE-2006-4846
Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when LDAP authentication is enabled, is affected by an authentication bypass vulnerability. Reports indicate remote attackers may bypass authentication via unknown vectors. The CERT advisory notes a hotfix (CTX110950) a...
CVE-2006-6573
The vulnerability CVE-2006-6573 affects Citrix Access Gateway: 4.5 Advanced Edition and 4.2 with Advanced Access Control 4.2 on Access Gateway appliances 4.2–4.2.2. A remote, authenticated user can gain access to data via unspecified vectors, causing information disclosure. Citrix notes updates a...
CVE-2007-0011
The CVE-2007-0011 issue affects Citrix Access Gateway (also Citrix Advanced Access Control) prior to Advanced Edition 4.5 HF1. The vulnerability is that a session ID is placed in the URL during the web portal authentication flow, enabling context-dependent attackers to hijack a user session by re...
CVE-2007-3679
CVE-2007-3679 affects the Citrix EPA ActiveX control (CCAOControl Object) in npCtxCAO.dll, used by Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1. The ActiveX control is vulnerable to remote code execution via arbitrary program download/execution on a clie...
CVE-2007-4017
CVE-2007-4017 describes a CSRF vulnerability in the web-based administration console of Citrix Access Gateway prior to firmware 4.5.5. The issue allows remote attackers to perform certain configuration changes as administrators due to insufficient CSRF protections in the management interface. The...
CVE-2008-2528
CVE-2008-2528 affects Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier. The issue is an authentication bypass that could grant access to network resources; exact vectors are not disclosed. Impact is described as bypassing authentication with potent...
CVE-2006-6572
Citrix Access Gateway AAC 4.2 with LDAP enabled is affected by an LDAP authentication bypass vulnerability. A remote attacker may authenticate without valid credentials. Citrix provides a hotfix (CTX110950) and recommends not enabling LDAP authentication as mitigation.
CVE-2007-4018
The CVE concerns Citrix Access Gateway Advanced Edition prior to firmware 4.5.5. The vulnerability allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. The connected documents do not provide concrete exploit details, affected versions beyond ...
CVE-2013-2263
Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 is affected by an unspecified security bypass vulnerability that could allow remote attackers to access network resources via the login mechanism. The issue is described across multiple sources as an unspecified security bypass in C...
CVE-2007-4016
CVE-2007-4016 affects Citrix Access Gateway, specifically the client components in Standard Edition < 4.5.5 and Advanced Edition