Lucene search
K

299 matches found

Prion
Prion
added 2011/10/12 2:52 a.m.10 views

Crlf injection

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...

4.3CVSS5.5AI score0.11137EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/10/12 1:0 a.m.75 views

CVE-2011-1969

CVE-2011-1969 affects Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 through the MicrosoftClient.jar Java applet. The issue arises because the signed Java applet loads unsigned Java classes, which can be exploited to execute arbitrary code on client machin...

9.3CVSS7.9AI score0.17309EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2011/10/12 1:0 a.m.17 views

CVE-2011-1969

Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...

7.8AI score0.17309EPSS
Exploits4References3
CVE
CVE
added 2011/10/12 1:0 a.m.43 views

CVE-2011-1896

CVE-2011-1896 is a reflected XSS in Microsoft Forefront UAG (ExcelTable.aspx) affecting 2010 Gold, Update 1/2, and SP1. Root cause: Web Monitor fails to sanitize some input, allowing arbitrary script execution in the victim’s browser. Documents indicate exploitation could arise from the UAG Web M...

4.3CVSS5.1AI score0.08256EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2011/10/12 1:0 a.m.22 views

CVE-2011-1896

Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...

5.1AI score0.08256EPSS
Exploits0References3
CVE
CVE
added 2011/10/12 1:0 a.m.55 views

CVE-2011-1897

CVE-2011-1897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Forefront UAG 2010 Gold, Update 1, Update 2, and SP1 (the issue is identified as the Default Reflected XSS Vulnerability). Public sources in the provided set confirm the vulnerability is addressed by Microsoft MS11-07...

4.3CVSS5.1AI score0.08397EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/10/12 1:0 a.m.46 views

CVE-2011-2012

Microsoft Forefront UAG 2010 Gold/Update 1/2 and SP1 is affected by CVE-2011-2012 due to improper validation of session cookies, enabling a remote attacker to cause a denial of service (IIS outage) by sending unspecified network traffic. This is part of the MS11-079 set of vulnerabilities and is ...

5CVSS6.7AI score0.16588EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2011/10/12 1:0 a.m.18 views

CVE-2011-1895

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...

5.5AI score0.11137EPSS
Exploits0References4
CVE
CVE
added 2011/10/12 1:0 a.m.57 views

CVE-2011-1895

Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...

4.3CVSS5.5AI score0.11137EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/10/12 1:0 a.m.16 views

CVE-2011-2012

Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...

6.6AI score0.16588EPSS
Exploits0References3
Symantec
Symantec
added 2011/10/11 12:0 a.m.24 views

Microsoft Forefront Unified Access Gateway (CVE-2011-1897) Cross-Site Scripting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

4.3CVSS6.2AI score0.08397EPSS
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.5 views

Microsoft ForeFront ExcelTable Data Cross-Site Scripting (MS11-079)

An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...

4.3CVSS5.8AI score0.08256EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.6 views

Preemptive Protection against Microsoft Forefront UAG ExcelTable Reflected XSS Information Disclosure (MS11-079; CVE-2011-1896)

An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...

4.3CVSS5.8AI score0.08256EPSS
Exploits0
Symantec
Symantec
added 2011/10/11 12:0 a.m.22 views

Microsoft Forefront Unified Access Gateway (CVE-2011-1896) Cross-Site Scripting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

4.3CVSS6.2AI score0.08256EPSS
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.14 views

Microsoft Forefront UAG ExcelTable Information Disclosure (MS11-079; CVE-2011-1895)

An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG. The vulnerability is due to improper validation of user supplied URLs by the UAG server. A remote attacker could trigger this issue by sending a specially crafted HTTP request to an affect...

4.3CVSS5.6AI score0.11137EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.17 views

Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969)

The vulnerability is due to a vulnerable Java applet that is installed on a browser by the Forefront Unified Access Gateway UAG server. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page using a Java-enabled Web-browser. Successful exploitation...

9.3CVSS6.3AI score0.17309EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.16 views

Preemptive Protection against Microsoft Forefront UAG Default Reflected XSS Information Disclosure (MS11-079; CVE-2011-1897)

An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...

4.3CVSS5.8AI score0.08397EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.14 views

Microsoft Forefront UAG Session Cookie Denial of Service (MS11-079; CVE-2011-2012)

A denial of service vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG. The vulnerability is due to improper validation of certain values contained within the session cookie. A remote attacker may exploit this vulnerability by sending specially crafted network traff...

5CVSS6.1AI score0.16588EPSS
Exploits0
Symantec
Symantec
added 2011/10/11 12:0 a.m.14 views

Microsoft Forefront Unified Access Gateway 'MicrosoftClient.Jar' Remote Code Execution Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code in the context of the logged-in user. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microsoft...

1.3AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/10/11 12:0 a.m.43 views

MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

The version of Forefront Unified Access Gateway UAG running on the remote host has multiple vulnerabilities in the Web Monitor component : - An HTTP response splitting vulnerability in ExcelTable.asp. CVE-2011-1895 - A reflected XSS in ExcelTable.asp. CVE-2011-1896 - A reflected XSS in Default.as...

9.3CVSS6AI score0.17309EPSS
Exploits4References7
Rows per page
Query Builder