Presentation Server Client
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0356 | 0.06 | — | 0.73 | Jan 18, 2008 | Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size… | |||
| CVE-2006-6334 | 0.06 | — | 0.34 | Dec 8, 2006 | Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | |||
| CVE-2007-0444 | 0.04 | — | 0.14 | Jan 24, 2007 | Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2)… | |||
| CVE-2008-6561 | 0.00 | — | 0.00 | Mar 31, 2009 | Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||
| CVE-2008-5107 | 0.00 | — | 0.00 | Nov 17, 2008 | The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||
| CVE-2008-4676 | 0.00 | — | 0.00 | Oct 22, 2008 | Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. … | |||
| CVE-2008-2300 | 0.00 | — | 0.01 | May 18, 2008 | Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors. | |||
| CVE-2008-2299 | 0.00 | — | 0.01 | May 18, 2008 | Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow… | |||
| CVE-2007-3625 | 0.00 | — | 0.02 | Jul 9, 2007 | The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | |||
| CVE-2007-1196 | 0.00 | — | 0.04 | Mar 2, 2007 | Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. | |||
| CVE-2006-5861 | 0.00 | — | 0.04 | Nov 10, 2006 | The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped… | |||
| CVE-2006-5821 | 0.00 | — | 0.05 | Nov 10, 2006 | Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service… | |||
| CVE-2002-2426 | 0.00 | — | 0.01 | Dec 31, 2002 | Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated… |
- CVE-2008-0356Jan 18, 2008risk 0.06cvss —epss 0.73
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size…
- CVE-2006-6334Dec 8, 2006risk 0.06cvss —epss 0.34
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
- CVE-2007-0444Jan 24, 2007risk 0.04cvss —epss 0.14
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2)…
- CVE-2008-6561Mar 31, 2009risk 0.00cvss —epss 0.00
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
- CVE-2008-5107Nov 17, 2008risk 0.00cvss —epss 0.00
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
- CVE-2008-4676Oct 22, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. …
- CVE-2008-2300May 18, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Citrix Presentation Server 4.5 and earlier, Citrix Access Essentials 2.0 and earlier, and Citrix Desktop Server 1.0 allows remote authenticated users to access unauthorized desktops via unknown attack vectors.
- CVE-2008-2299May 18, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow…
- CVE-2007-3625Jul 9, 2007risk 0.00cvss —epss 0.02
The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
- CVE-2007-1196Mar 2, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
- CVE-2006-5861Nov 10, 2006risk 0.00cvss —epss 0.04
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped…
- CVE-2006-5821Nov 10, 2006risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service…
- CVE-2002-2426Dec 31, 2002risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated…