159 matches found
EUVD-2001-0539
Malware in sbrugna...
CVE-2001-1533
Microsoft Internet Security and Acceleration ISA Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability...
WAFW00F v1.0.0 - Detect All The Web Application Firewall!
WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
Description of the ISA Server 2006 hotfix package: July 14, 2009
Describes the ISA Server 2006 hotfix package that is dated July 14, 2009. INTRODUCTION: This article describes the Microsoft Internet Security and Acceleration ISA Server 2006 hotfix package that is dated July 14, 2009. This hotfix package fixes some issues in ISA Server 2006. For more information...
MS09-012: Description of the security update for Windows Service Isolation: April 2009
MS09-012: Description of the security update for Windows Service Isolation: April 2009 Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 SP2. For more information, refe...
Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2600/info It is possible for a user to cause the Web Proxy service on a host running MS ISA Server to stop responding. If a HTTP request with an unusually long path is submitted, the Web Proxy service could stop respondin...
Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the request was made fo...
MS IE 5/6,MS ISA Server 2000,MS Proxy Server 2.0 Gopher Client Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/4930/info Microsoft Internet Explorer, Proxy Server and ISA Server includes a gopher client. Reportedly, these clients are vulnerable to a buffer overflow condition. The vulnerability exists in the component that parses...
Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016; CVE-2009-0077)
A denial of service vulnerability has been reported in Microsoft Internet Security and Acceleration ISA Server...
Microsoft ISA Server HTTP Content Header (MS05-034; CVE-2005-1215)
The Microsoft Internet Security and Acceleration ISA Server is a firewall and web proxy caching server. While relaying client requests to upstream servers, ISA will keep a copy of the returned content in its cache. When unchanged resources are later requested by web clients, the content is served...
CVE-2009-2496
Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration ISA Server 200...
CVE-2009-2496
CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...
CVE-2009-1135
Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...
Design/Logic Flaw
Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...
CVE-2009-1135
CVE-2009-1135 affects Microsoft ISA Server 2006 (Gold/SP1) when Radius OTP is enabled. The vulnerability stems from ISA Server using HTTP-Basic authentication for Radius OTP-enabled requests, which can let a remote attacker impersonate a valid user and access published web resources behind the IS...
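Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
Bugraq ID: 35631 CVE ID: CVE-2009-1135 Microsoft ISA Server is an enterprise firewall and high-performance web caching solution. The authentication mechanism of ISA Server 2006 configured with Radius OTP has a flaw that remote attackers can exploit to bypass authentication and access restricted web resources. An unspecified error exists when requests are authenticated using the HTTP-Basic method, which can lead to access to web-published resources. Successful exploitation requires a valid administrative username and an ISA server configured with Radius one-time password (OTP) authentication and Kerberos Constrained Delegation (KCD) authentication delegation. Microsoft ISA Server 2006...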
Microsoft ISA Server Privilege Escalation Vulnerability (970953)
This host is missing a critical security update according to Microsoft Bulletin MS09-031. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft ISA Server Privilege Escalation Vulnerability (970953)
This host is missing a critical security update according to Microsoft Bulletin MS09-031. OpenVAS Vulnerability Test $Id: secpodms09-031.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft ISA Server Privilege Escalation Vulnerability 970953 Authors: Nikita MR Copyright Copyright c 2009 SecPod,...
Inside Microsoft's July Security Patch Batch
Microsoft released six security bulletins today — three rated Critical and three rated Important. Two of the issues are being actively exploited on the Internet and four of the issues are client-side vulnerabilities, which means the exploit can only occur if a user visits an evil website or opens...