Showing posts with the label citrix. Show all posts

The Citrix Web Interface is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Citrix Web Interface versions 5.0 through 5.3 are vulnerable.


REFERENCE.

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

Source: securityfocus.com


Citrix Online Plug-In and ICA Client are prone to a remote code-execution vulnerability because the applications fail to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

The following products are vulnerable:

Citrix Online Plug-in for XenApp & XenDesktop for Windows prior to version 11.2
Citrix Online Plug-in for XenApp & XenDesktop for Mac prior to version 11.0
Citrix ICA Client for Linux (x86 and ARM) prior to version 11.100
Citrix ICA Client for Solaris (x86 and Sparc) prior to version 8.63
Citrix Receiver for Windows Mobile prior to version 11.5

VULNERABILITY REFERENCE

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

Source: securityfocus.com



Citrix XenApp Online Plug-in is prone to a remote code-execution vulnerability that affects the ICA Client ActiveX Object (ICO) component.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control.

Citrix XenApp Online Plug-in versions prior to 12.0.3 are vulnerable.

VULNERABILITY REFERENCE

Vulnerability Team urges users and administrators to review the notifications and apply the necessary updates to help mitigate the risks.

Source: securityfocus.com