Citrix Presentation Server Client WFICA.OCX ActiveX component heap buffer overflow exploit.
1d5f55c08aed2772a1687dc30b77a07987a65136e0be10cbf56ee59a69461f8dThe Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux versions 2212 is affected.
7dcc2aa9372419c9c8a42274ec03367e8a37d4902ba8905cc51d86c2effbdbaaThis Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.
70dc89253162a6b119c3d606f6c3f8993ac2cf75090d967905fead6d2ddd4d90Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
2c11d86d93cfd73bd58d127cdd74b7f28105f208d9e5dc7da4bc9f6274cd90fcThis Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
0f0c8e65ca7fee56037d7ddffc1e77aeffb0987b8111f2b772dbffe0b1b1fb89This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5.
bec68a9167966887bfc41632126f3582e09608bebf23999be1ca53bae2414759Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.
58fc2672000bf17d12588526d12ca1207500f1e227f4abda50e070491b0d9866Citrix Application Delivery Controller and Citrix Gateway remote code execution proof of concept exploit.
a478cf3ef59e8055d4d74c4d106b3ad452dedc740043528288bc4f6c8077e649Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.
179c0d1aea2e1a88c424e879d0658af19c0726c2fbf5308693fd30506d076ec8Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.
35d49241776f0e93fd18d36ff74eb03319d7260a004bea11c110838e3f48883eThe management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
e7627b90298023da272c5c16d0da665c56143382a6c2331b9af84784625a3870Citrix SD-WAN version 9.1.2.26.561201 logout cookie pre-authentication remote command injection exploit.
a9d18103386b7c5413eb695eaee5e1020ef143fa405d4b964605ff5561db732dCitrix Receiver / Receiver Desktop Lock version 4.5 suffers from an authentication bypass vulnerability.
b5b665b62d8bd65c8349df73d7cef8a91bd89e880eac933239beacebb88b38bdThe login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the "NSC_TMAC" cookie.
a907282e85cbd46ffd00df290cafdd51155648f582be3aa5b66d82cc3e3fbe7bA command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9eIt was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baacA cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially crafted response in order to trigger a memory corruption and overwrite data in the stack, to finally execute arbitrary code with the privileges of the web server running the SOAP handler. This Metasploit module has been tested successfully on the NetScaler Virtual Appliance 450010.
bbd94c2938c7acadc669fd040b87af734ca8b8359c12bfca9b43d24c4a997c1dThe remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 assigns an empty trust manager to its SSL context, causing it to accept any certificate regardless of validity.
e5644b3c84ef1767a4c3219f5059c4bdfb37dcedae655c50b6b91a1d4af6d79aThe remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 contains a poor implementation of the Diffie-Hellman key exchange algorithm. The random number generator used to produce secret values is the java.util.Random class, which is not of cryptographic quality. Publicly known predictors exist for the underlying RNG, and the seed is either 32-bit or 48-bit depending on the host system.
612fdba9feea5c0713bc91be355ef4db41095f1483e3d0a2d21522880fdb4da5This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020006 (GetObjetsRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.
e3c0a6f5b3a3f26ed4fb9bebaf9f0c8831cc32e99feb9f9583bae8d17e4829c2This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020002 (GetFooterRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.
95742b6130c01a360fcb07725b756b00b4f683ebbfffb07615e116c0dbccde5fThis Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020004 (GetBootRecordRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.
48a0910b2afcd24f3d4c665d8c997a2e0fe577dffb6bca3c0ecace91c10b120fThis Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
5d732951640be5f0d7a3bbb2123ba314dbfea24dfb6b7fe3d4aa47cf4fcea31aCitrix XenDesktop, XenServer, Receiver version 5.6 SP2 suffer from a pass-the-hash attack vulnerability due to not using SSL.
1cdc447222c2b4047d47fb0a65039267225b922c70e82b599759e03fa6d8207b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed