299 matches found
CVE-2012-0146
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."...
CVE-2012-0147
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...
CVE-2012-0146
CVE-2012-0146 : Affects Microsoft Forefront UAG 2010 SP1 and SP1 Update 1. Open redirect vulnerability allows remote attackers to redirect users to arbitrary sites via a crafted URL (phishing risk). Root cause is an improper redirect handling in UAG’s web flow. Exploitation is possible remotely; ...
Microsoft: Six Bulletins, Four Critical In April Patch
Microsoft issued six patches, four of which were critical in the April 2012 software updates. The company released its monthly patch Tuesday. The patches affect Microsoft Windows, Internet Explorer, the .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United...
Microsoft Forefront Unified Access Gateway Information Disclosure Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microso...
Microsoft Forefront Unified Access Gateway URI Open Redirection Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may...
Microsoft Forefront UAG Default Reflected Cross-site Scripting (MS11-079; CVE-2011-1897)
A cross-site scripting vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server. The vulnerability is due to an error in the way the UAG server handles incoming HTTP query strings. A remote attacker could exploit this issue by enticing a user to open a URL containi...
Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution
Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...
Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution
Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...
Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution
Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...
Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution
Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...
SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)
SEC Consult Vulnerability Lab Security Advisory 20111012-0 ======================================================================= title: Client-side remote file upload & command execution product: Microsoft Forefront Unified Access Gateway Remote Access Agent signed Java applet vulnerable versio...
Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
Code execution, crossite scripting, DoS...
CVE-2011-2012
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...
CVE-2011-1897
Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."...
CVE-2011-1896
Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...
CVE-2011-1969
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...
CVE-2011-1895
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...
Session fixation
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...
Cross site scripting
Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...