10 matches found
CVE-2007-6193
CVE-2007-6193 concerns the Citrix NetScaler web management interface. The OpenVAS entries and the NVD record indicate that NetScaler 8.0 build 47.8 exposes the device’s primary IP address (and, per OpenVAS, software version) via the web management cookie, enabling information disclosure. The impa...
CVE-2015-2838
CVE-2015-2838 affects Citrix NetScaler Nitro API prior to 10.5 build 52.3nc. The vulnerability arises from CSRF that lets an attacker craft requests via the file_name JSON field in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix, enabling shell metacharacters to execute commands as nsroot. This...
CVE-2015-2840
CVE-2015-2840 covers a cross-site scripting vulnerability in Citrix NetScaler. The issue affects NetScaler prior to version 10.5 build 52.3nc, where an attacker can inject arbitrary script via the searchQuery parameter in the page help/rt/large_search.html. The underlying cause is insufficient ...
CVE-2015-2839
The CVE-2015-2839 issue affects Citrix NetScaler prior to 10.5 build 52.3nc where the Nitro API returns error messages with an incorrect Content-Type, enabling remote XSS via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. Multiple sources corroborate the vulnerabi...
CVE-2007-6192
The CVE-2007-6192 entry describes an information disclosure vulnerability in the Citrix NetScaler Web Management Interface (NetScaler 8.0 build 47.8). The issue arises from using weak encryption to protect cookie contents by XORing sensitive values (including credentials) with a fixed key stream,...
CVE-2018-6186
CVE-2018-6186 affects Citrix NetScaler VPX through NS12.0 53.13.nc, enabling an SSRF attack via the /rapi/read_url URI by an authenticated user with a webapp account. The attacker can gain nsroot access and execute remote commands with root privileges. The issue is addressed by upgrading to Citri...
CVE-2016-2071
CVE-2016-2071 affects Citrix NetScaler ADC and NetScaler Gateway. Affected: NetScaler ADC/Gateway 11.x before 11.0 Build 64.34; 10.5 before 10.5 Build 59.13; 10.5.e before Build 59.1305.e. It allows remote attackers to gain privileges via unspecified NS Web GUI commands. Connected documents corro...
CVE-2007-6037
CVE-2007-6037 corresponds to a cross-site scripting (XSS) vulnerability in Citrix NetScaler 8.0 build 47.8, specifically affecting the web management interface via ws/generic_api_call.pl and the standalone parameter (and other unspecified params). OpenVAS entries describe the NetScaler Web Manage...
CVE-2015-2841
CVE-2015-2841 affects Citrix NetScaler AppFirewall (NetScaler 10.5) by allowing remote attackers to bypass firewall restrictions through a crafted Content-Type header (e.g., application/octet-stream and text/xml). The root cause is parameter/header handling in AppFirewall that permits content-typ...
CVE-2016-2072
Citrix NetScaler ADC and NetScaler Gateway are affected by a clickjacking vulnerability in the Administrative Web Interface. Affected product lines include Citrix NetScaler ADC/NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1. T...