Citrix: Security Vulnerabilities
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-12-20
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
CVSS Score
7.5
EPSS Score
0.113
Published
2005-12-16
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVSS Score
4.3
EPSS Score
0.007
Published
2005-12-03
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).
CVSS Score
7.5
EPSS Score
0.008
Published
2005-10-04
Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-02
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-02
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
CVSS Score
2.1
EPSS Score
0.001
Published
2004-12-31
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
CVSS Score
5.0
EPSS Score
0.005
Published
2004-04-26
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
CVSS Score
7.5
EPSS Score
0.039
Published
2004-04-26
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
CVSS Score
4.3
EPSS Score
0.019
Published
2003-12-31