13 matches found
ADFS Relying Party Trusts Disclosure
Microsoft Active Directory Federation Services ADFS is a very popular Single Sign On SSO feature offering identity federation to organizations. An ADFS server can be configured to show a login page to connect to corporate applications directly from this Identity Provider IdP. When enabled, this w...
Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability
Microsoft Active Directory Federated Services ADFS suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...
Cross site scripting
A cross-site-scripting XSS vulnerability exists when an open source customization for Microsoft Active Directory Federation Services AD FS does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Service...
KLA10986 Information disclosure vulnerability in Microsoft Active Directory Federation Services
An improper honoring of XML External Entities was found in Microsoft Active Directory Federation Services ADFS. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request. Original advisories...
Microsoft Active Directory Federation Services CVE-2016-0037 Denial of Service Vulnerability
Description Microsoft Active Directory Federation Services is prone to a denial of service vulnerability. Successful exploits may allow the attacker to cause the server to become non-responsive, resulting in denial of service conditions. Technologies Affected Microsoft Active Directory Federation...
KLA10752 Denial of service vulnerability in Microsoft Acrtive Directory Federation Services
Lack of input data checks was found in Microsoft Active Directory Federation Services. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed input to form-based authentication. Original advisories...
Microsoft Active Directory Federation Services crossite scripting
Crossite scipring in web interface...
Microsoft Active Directory Federation Services CVE-2015-1757 Privilege Escalation Vulnerability
Description Microsoft Active Directory Federation Services is prone to a remote privilege-escalation vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions in the context of the currently...
CVE-2015-1638
Microsoft Active Directory Federation Services AD FS 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosur...
Microsoft Active Directory Federation Services CVE-2015-1638 Information Disclosure Vulnerability
Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 3.0...
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (3003381)
This host is missing an important security update according to Microsoft Bulletin MS14-077. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Active Directory Federation Services CVE-2014-6331 Information Disclosure Vulnerability
Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 2.0...
Microsoft Active Directory Federation Services CVE-2013-3185 Information Disclosure Vulnerability
Description Microsoft Active Directory Federation Services is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPil...