Lucene search
K

1093 matches found

securityvulns
securityvulns
added 2014/11/18 12:0 a.m.50 views

Microsoft Active Directory Federation Services information leakage

It's possible to access closed session...

5CVSS2.5AI score0.20317EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/12 12:0 a.m.21 views

MS14-077: Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)

The remote Windows host is affected by a vulnerability in the Active Directory Federation Services AD FS that allows an attacker to obtain unspecified information if a user logs off the application without closing their browser and an attacker immediately reopens the application. C Tenable Networ...

5CVSS5.6AI score0.20317EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/11/12 12:0 a.m.41 views

Microsoft Active Directory Federation Services Information Disclosure Vulnerability (3003381)

This host is missing an important security update according to Microsoft Bulletin MS14-077. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5CVSS5.1AI score0.20317EPSS
Exploits0References3
NVD
NVD
added 2014/11/11 10:55 p.m.15 views

CVE-2014-6331

Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...

5CVSS6.3AI score0.20317EPSS
Exploits0References4
Prion
Prion
added 2014/11/11 10:55 p.m.17 views

Information disclosure

Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...

5CVSS6.7AI score0.20317EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/11/11 10:0 p.m.54 views

CVE-2014-6331

CVE-2014-6331 affects Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1 and 3.0. The vulnerability arises when a configured SAML Relying Party lacks a sign-out endpoint and logoff actions are not processed correctly, enabling information disclosure and potential access via an unatte...

5CVSS6.4AI score0.20317EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/11/11 10:0 p.m.19 views

CVE-2014-6331

Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...

6.2AI score0.20317EPSS
Exploits0References4
MSRC
MSRC
added 2014/11/11 8:0 a.m.13 views

November 2014 Updates

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...

7AI score
Exploits0
Symantec
Symantec
added 2014/11/11 12:0 a.m.23 views

Microsoft Active Directory Federation Services CVE-2014-6331 Information Disclosure Vulnerability

Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 2.0...

5CVSS1.3AI score0.20317EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2014/11/11 12:0 a.m.52 views

KLA10612 Information disclosure vulnerability in Microsoft AD Federation Services

An unspecified vulnerability was found in Microsoft AD Federation Services. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via unattended workstation manipulations. Original advisories CVE-2014-6331 Related products...

5CVSS6.4AI score0.20317EPSS
Exploits0References4
MSRC
MSRC
added 2014/11/06 8:0 a.m.15 views

Advance Notification Service for the November 2014 Security Bulletin Release

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...

7.1AI score
Exploits0
CVE
CVE
added 2014/10/21 10:0 a.m.34 views

CVE-2014-7737

CVE-2014-7737 affects the Android app FMAC : Federation Culinaire (com.fmac) 1.0. The vulnerability is that the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The co...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/10/19 10:55 a.m.21 views

CVE-2014-7392

The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References3
Prion
Prion
added 2014/10/19 10:55 a.m.16 views

Information disclosure

The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/10/19 10:0 a.m.34 views

CVE-2014-7392

The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2014/10/19 10:0 a.m.38 views

CVE-2014-7392

The CVE refers to the Android app Russian Federation Traffic Rules (com.russia.pdd), version 1.21, which does not verify X.509 certificates from SSL servers. This misconfiguration allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The u...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2014/03/01 10:0 p.m.5 views

Russia Today (RT) Hacked, "Russian" replaced with "Nazi" in News Headlines

'Russia Today', Moscow based Russia's biggest news channel website RT.com has been hacked and defaced by an unknown group of hackers. Hackers have replaced “Russia” or “Russians” with “Nazi” or “Nazis” word from the headlines, as shown. "RT website has been hacked, we are working to resolve the...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.56 views

HP IceWall SSO, IceWall File Manager and IceWall Federation Agent multiple security vulnerabilities

Multiple unauthorized access vulnerabilities...

5CVSS2.1AI score0.03297EPSS
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.55 views

[security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03918632 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03918632 Version: 1 HPSBGN02925 rev....

5CVSS6.2AI score0.03297EPSS
Exploits0
seebug.org
seebug.org
added 2013/08/25 12:0 a.m.33 views

Microsoft Active Directory Federation Services信息泄露漏洞(CVE-2013-3185)(MS13-066)

BUGTRAQ ID: 61672 CVECAN ID: CVE-2013-3185 活动目录(Active Directory)是面向Windows Standard Server、Windows Enterprise Server以及Windows Datacenter Server的目录服务。 Microsoft Active Directory Federation Services...

5CVSS6.1AI score0.41432EPSS
Exploits1
Rows per page
Query Builder