299 matches found
Crlf injection
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...
CVE-2011-1969
CVE-2011-1969 affects Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 through the MicrosoftClient.jar Java applet. The issue arises because the signed Java applet loads unsigned Java classes, which can be exploited to execute arbitrary code on client machin...
CVE-2011-1969
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...
CVE-2011-1896
CVE-2011-1896 is a reflected XSS in Microsoft Forefront UAG (ExcelTable.aspx) affecting 2010 Gold, Update 1/2, and SP1. Root cause: Web Monitor fails to sanitize some input, allowing arbitrary script execution in the victim’s browser. Documents indicate exploitation could arise from the UAG Web M...
CVE-2011-1896
Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...
CVE-2011-1897
CVE-2011-1897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Forefront UAG 2010 Gold, Update 1, Update 2, and SP1 (the issue is identified as the Default Reflected XSS Vulnerability). Public sources in the provided set confirm the vulnerability is addressed by Microsoft MS11-07...
CVE-2011-2012
Microsoft Forefront UAG 2010 Gold/Update 1/2 and SP1 is affected by CVE-2011-2012 due to improper validation of session cookies, enabling a remote attacker to cause a denial of service (IIS outage) by sending unspecified network traffic. This is part of the MS11-079 set of vulnerabilities and is ...
CVE-2011-1895
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...
CVE-2011-1895
Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...
CVE-2011-2012
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...
Microsoft Forefront Unified Access Gateway (CVE-2011-1897) Cross-Site Scripting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Microsoft ForeFront ExcelTable Data Cross-Site Scripting (MS11-079)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...
Preemptive Protection against Microsoft Forefront UAG ExcelTable Reflected XSS Information Disclosure (MS11-079; CVE-2011-1896)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...
Microsoft Forefront Unified Access Gateway (CVE-2011-1896) Cross-Site Scripting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Microsoft Forefront UAG ExcelTable Information Disclosure (MS11-079; CVE-2011-1895)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG. The vulnerability is due to improper validation of user supplied URLs by the UAG server. A remote attacker could trigger this issue by sending a specially crafted HTTP request to an affect...
Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969)
The vulnerability is due to a vulnerable Java applet that is installed on a browser by the Forefront Unified Access Gateway UAG server. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page using a Java-enabled Web-browser. Successful exploitation...
Preemptive Protection against Microsoft Forefront UAG Default Reflected XSS Information Disclosure (MS11-079; CVE-2011-1897)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...
Microsoft Forefront UAG Session Cookie Denial of Service (MS11-079; CVE-2011-2012)
A denial of service vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG. The vulnerability is due to improper validation of certain values contained within the session cookie. A remote attacker may exploit this vulnerability by sending specially crafted network traff...
Microsoft Forefront Unified Access Gateway 'MicrosoftClient.Jar' Remote Code Execution Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code in the context of the logged-in user. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microsoft...
MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
The version of Forefront Unified Access Gateway UAG running on the remote host has multiple vulnerabilities in the Web Monitor component : - An HTTP response splitting vulnerability in ExcelTable.asp. CVE-2011-1895 - A reflected XSS in ExcelTable.asp. CVE-2011-1896 - A reflected XSS in Default.as...