7 matches found
CVE-2008-0356
CVE-2008-0356 describes a heap-based buffer overflow in Citrix Presentation Server’s Independent Management Architecture (IMA) service (ImaSrv.exe). By sending crafted packets to the IMA ports 2512/2513, an unauthenticated remote attacker could overflow a heap buffer and execute arbitrary code wi...
CVE-2008-2299
The CVE-2008-2299 entry involves Citrix Presentation Server 4.5 and earlier (also affecting Access Essentials 2.0 and Desktop Server 1.0) where SecureICA and ICA Basic encryption can be configured but allow clients to end up using weaker encryption settings than intended, potentially bypassing ad...
CVE-2008-5107
CVE-2008-5107 affects Citrix Presentation Server 4.5 and Citrix Desktop Server 1.0. When MSI logging is enabled, the installation process stores database credentials in MSI log files, allowing local users to read them and obtain credentials. Root cause described as the logging process exposing se...
CVE-2009-2453
CVE-2009-2453 affects Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3. The issue is that an access policy is not applied when the policy is defined with the Access Gateway Advanced Edition filters, enabling bypass of intended access restrictions via unknown vectors. The conn...
CVE-2008-4676
Summary: CVE-2008-4676 describes an unspecified local privilege-escalation vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0. The issue is triggered by unknown attack vectors related to cr...
CVE-2006-3779
CVE-2006-3779 affects Citrix MetaFrame up to XP 1.0 Feature 1 on Windows Server 2003. The issue is a registry key created with an insecure ACL, which allows remote authenticated users to gain privileges. The root cause is improper ACL protection on a registry entry, enabling elevation of privileg...
CVE-2002-2426
The CVE-2002-2426 entry describes a CSRF vulnerability in Citrix Presentation Server 4.0/4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0–2.0. The issue arises from the InitialProgram key in an ICA connection, allowing remote attackers to run published applications (and possibly ...