19 matches found
Default credentials
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...
CVE-2012-0146
CVE-2012-0146 : Affects Microsoft Forefront UAG 2010 SP1 and SP1 Update 1. Open redirect vulnerability allows remote attackers to redirect users to arbitrary sites via a crafted URL (phishing risk). Root cause is an improper redirect handling in UAG’s web flow. Exploitation is possible remotely; ...
Microsoft Forefront UAG Default Reflected Cross-site Scripting (MS11-079; CVE-2011-1897)
A cross-site scripting vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server. The vulnerability is due to an error in the way the UAG server handles incoming HTTP query strings. A remote attacker could exploit this issue by enticing a user to open a URL containi...
SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)
SEC Consult Vulnerability Lab Security Advisory 20111012-0 ======================================================================= title: Client-side remote file upload & command execution product: Microsoft Forefront Unified Access Gateway Remote Access Agent signed Java applet vulnerable versio...
Session fixation
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service IIS outage via unspecified network traffic, aka "Null Session Cookie Crash."...
CVE-2011-1969
Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...
CVE-2011-1895
Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...
Preemptive Protection against Microsoft Forefront UAG ExcelTable Reflected XSS Information Disclosure (MS11-079; CVE-2011-1896)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...
Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969)
The vulnerability is due to a vulnerable Java applet that is installed on a browser by the Forefront Unified Access Gateway UAG server. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page using a Java-enabled Web-browser. Successful exploitation...
Preemptive Protection against Microsoft Forefront UAG Default Reflected XSS Information Disclosure (MS11-079; CVE-2011-1897)
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway UAG server...
Microsoft Forefront UAG Signurl.asp Cross-Site Scripting (MS10-089; CVE-2010-3936)
Microsoft Forefront Unified Access Gateway UAG is designed to provide secure remote access to corporate resources for employees, partners and vendors from both managed and unmanaged PCs and mobile devices. UAG provides a variety of connection options including SSL VPN, Microsoft DirectAccess and...
CVE-2010-3936
Cross-site scripting XSS vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."...
CVE-2010-2734
Cross-site scripting XSS vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefron...
CVE-2010-2733
Cross-site scripting XSS vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."...
CVE-2010-2732
Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."...
Cross site scripting
Cross-site scripting XSS vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefron...
Cross site scripting
Cross-site scripting XSS vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."...
Preemptive Protection against Multiple Microsoft Forefront UAG Cross-Site Scripting Vulnerabilities (MS10-089)
Multiple cross-site scripting vulnerabilities have been reported in Microsoft Forefront Unified Access Gateway UAG. Microsoft Forefront UAG is a virtual private networking solution that provides secure remote access to corporate networks for remote employees and business partners. It incorporates...