Lucene search
K

299 matches found

Cvelist
Cvelist
added 2012/04/10 9:0 p.m.27 views

CVE-2012-0146

Open redirect vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."...

6.4AI score0.10996EPSS
Exploits1References7
Cvelist
Cvelist
added 2012/04/10 9:0 p.m.24 views

CVE-2012-0147

Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...

5.9AI score0.3562EPSS
Exploits1References8
CVE
CVE
added 2012/04/10 9:0 p.m.58 views

CVE-2012-0146

CVE-2012-0146 : Affects Microsoft Forefront UAG 2010 SP1 and SP1 Update 1. Open redirect vulnerability allows remote attackers to redirect users to arbitrary sites via a crafted URL (phishing risk). Root cause is an improper redirect handling in UAG’s web flow. Exploitation is possible remotely; ...

5.8CVSS6.5AI score0.10996EPSS
Exploits1References7Affected Software1
ThreatPost
ThreatPost
added 2012/04/10 7:3 p.m.15 views

Microsoft: Six Bulletins, Four Critical In April Patch

Microsoft issued six patches, four of which were critical in the April 2012 software updates. The company released its monthly patch Tuesday. The patches affect Microsoft Windows, Internet Explorer, the .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United...

1AI score
Exploits0References7
Symantec
Symantec
added 2012/04/10 12:0 a.m.22 views

Microsoft Forefront Unified Access Gateway Information Disclosure Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microso...

7.5AI score
Exploits0Affected Software1
Symantec
Symantec
added 2012/04/10 12:0 a.m.22 views

Microsoft Forefront Unified Access Gateway URI Open Redirection Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may...

7.3AI score
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2011/12/20 12:0 a.m.15 views

Microsoft Forefront UAG Default Reflected Cross-site Scripting (MS11-079; CVE-2011-1897)

A cross-site scripting vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server. The vulnerability is due to an error in the way the UAG server handles incoming HTTP query strings. A remote attacker could exploit this issue by enticing a user to open a URL containi...

4.3CVSS5.6AI score0.08397EPSS
Exploits0
Saint
Saint
added 2011/10/17 12:0 a.m.38 views

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

9.3CVSS7AI score0.17309EPSS
Exploits4
Saint
Saint
added 2011/10/17 12:0 a.m.26 views

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

9.3CVSS7AI score0.17309EPSS
Exploits4
Saint
Saint
added 2011/10/17 12:0 a.m.45 views

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

9.3CVSS7AI score0.17309EPSS
Exploits4
Saint
Saint
added 2011/10/17 12:0 a.m.27 views

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

9.3CVSS7AI score0.17309EPSS
Exploits4
securityvulns
securityvulns
added 2011/10/16 12:0 a.m.63 views

SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)

SEC Consult Vulnerability Lab Security Advisory 20111012-0 ======================================================================= title: Client-side remote file upload & command execution product: Microsoft Forefront Unified Access Gateway Remote Access Agent signed Java applet vulnerable versio...

9.3CVSS0.1AI score0.17309EPSS
Exploits4
securityvulns
securityvulns
added 2011/10/16 12:0 a.m.72 views

Microsoft Forefront Unified Access Gateway multiple security vulnerabilities

Code execution, crossite scripting, DoS...

9.3CVSS2AI score0.17309EPSS
Exploits4References1Affected Software1
NVD
NVD
added 2011/10/12 2:52 a.m.11 views

CVE-2011-2012

Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...

5CVSS6.6AI score0.16588EPSS
Exploits0References3
NVD
NVD
added 2011/10/12 2:52 a.m.12 views

CVE-2011-1897

Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."...

4.3CVSS5.1AI score0.08397EPSS
Exploits0References2
NVD
NVD
added 2011/10/12 2:52 a.m.16 views

CVE-2011-1896

Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...

4.3CVSS5.1AI score0.08256EPSS
Exploits0References3
NVD
NVD
added 2011/10/12 2:52 a.m.13 views

CVE-2011-1969

Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...

9.3CVSS7.8AI score0.17309EPSS
Exploits4References3
NVD
NVD
added 2011/10/12 2:52 a.m.16 views

CVE-2011-1895

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...

4.3CVSS5.5AI score0.11137EPSS
Exploits0References4
Prion
Prion
added 2011/10/12 2:52 a.m.12 views

Session fixation

Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...

5CVSS7.1AI score0.16588EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2011/10/12 2:52 a.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."...

4.3CVSS5.4AI score0.08256EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder