Metaframe Security Vulnerabilities and Issues — Metaframe CVE List

Lucene search

CitrixMetaframe

10 matches found

CVE•added 2005/05/10 4:0 a.m.•72 views

CVE-2003-1157

Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.

4.3CVSS5.7AI score0.01855EPSS

CVE•added 2007/01/24 10:28 p.m.•49 views

CVE-2007-0444

Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functio...

7.2CVSS7.7AI score0.01996EPSS

CVE•added 2000/04/12 4:0 a.m.•48 views

CVE-2000-0244

The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.

10CVSS7AI score0.00896EPSS

CVE•added 2002/03/09 5:0 a.m.•48 views

CVE-2001-0716

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

5CVSS6.7AI score0.01106EPSS

CVE•added 2002/02/02 5:0 a.m.•46 views

CVE-2001-0908

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

7.5CVSS6.9AI score0.0064EPSS

CVE•added 2005/10/04 10:2 p.m.•42 views

CVE-2005-3134

Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).

7.5CVSS7.1AI score0.00791EPSS

CVE•added 2007/05/24 6:30 p.m.•41 views

CVE-2007-2850

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

10CVSS6.8AI score0.01372EPSS

CVE•added 2006/11/10 11:7 p.m.•40 views

CVE-2006-5821

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with inv...

7.5CVSS8.2AI score0.09429EPSS

CVE•added 2006/07/24 12:19 p.m.•35 views

CVE-2006-3779

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.

6.5CVSS6.8AI score0.00907EPSS

CVE•added 2006/11/10 11:7 p.m.•35 views

CVE-2006-5861

The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and trigg...

5CVSS6.5AI score0.06861EPSS