1093 matches found
Microsoft Active Directory Federation Services information leakage
It's possible to access closed session...
MS14-077: Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
The remote Windows host is affected by a vulnerability in the Active Directory Federation Services AD FS that allows an attacker to obtain unspecified information if a user logs off the application without closing their browser and an attacker immediately reopens the application. C Tenable Networ...
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (3003381)
This host is missing an important security update according to Microsoft Bulletin MS14-077. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2014-6331
Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...
Information disclosure
Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...
CVE-2014-6331
CVE-2014-6331 affects Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1 and 3.0. The vulnerability arises when a configured SAML Relying Party lacks a sign-out endpoint and logoff actions are not processed correctly, enabling information disclosure and potential access via an unatte...
CVE-2014-6331
Microsoft Active Directory Federation Services AD FS 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active...
November 2014 Updates
Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures CVEs in Microsoft Windows, Internet Explorer IE, Office, .NET Framework, Internet Information Services IIS,...
Microsoft Active Directory Federation Services CVE-2014-6331 Information Disclosure Vulnerability
Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 2.0...
KLA10612 Information disclosure vulnerability in Microsoft AD Federation Services
An unspecified vulnerability was found in Microsoft AD Federation Services. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via unattended workstation manipulations. Original advisories CVE-2014-6331 Related products...
Advance Notification Service for the November 2014 Security Bulletin Release
Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...
CVE-2014-7737
CVE-2014-7737 affects the Android app FMAC : Federation Culinaire (com.fmac) 1.0. The vulnerability is that the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The co...
CVE-2014-7392
The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7392
The Russian Federation Traffic Rules aka com.russia.pdd application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7392
The CVE refers to the Android app Russian Federation Traffic Rules (com.russia.pdd), version 1.21, which does not verify X.509 certificates from SSL servers. This misconfiguration allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The u...
Russia Today (RT) Hacked, "Russian" replaced with "Nazi" in News Headlines
'Russia Today', Moscow based Russia's biggest news channel website RT.com has been hacked and defaced by an unknown group of hackers. Hackers have replaced “Russia” or “Russians” with “Nazi” or “Nazis” word from the headlines, as shown. "RT website has been hacked, we are working to resolve the...
HP IceWall SSO, IceWall File Manager and IceWall Federation Agent multiple security vulnerabilities
Multiple unauthorized access vulnerabilities...
[security bulletin] HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03918632 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03918632 Version: 1 HPSBGN02925 rev....
Microsoft Active Directory Federation Services信息泄露漏洞(CVE-2013-3185)(MS13-066)
BUGTRAQ ID: 61672 CVECAN ID: CVE-2013-3185 活动目录(Active Directory)是面向Windows Standard Server、Windows Enterprise Server以及Windows Datacenter Server的目录服务。 Microsoft Active Directory Federation Services...