EUVD-2001-0539

Malware in sbrugna...

CVE-2001-1533

Microsoft Internet Security and Acceleration ISA Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability...

Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the request was made fo...

Design/Logic Flaw

Microsoft Internet Security and Acceleration ISA Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to...

MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

The version of Microsoft Internet Security and Acceleration ISA Server 2006 installed on the remote host may allow an unauthenticated attacker with knowledge of administrator account usernames to gain access to published resources in the context of such a user without having to authenticate with...

Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability

Description Microsoft ISA Server is prone to an authentication-bypass vulnerability. An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources within the context of the selected account. Technologies Affected Microsof...

CVE-2009-1348

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via 1 an invali...

Microsoft ISA Server和Forefront TMG跨站脚本漏洞（MS09-016）

BUGTRAQ ID: 34416 CVECAN ID: CVE-2009-0237 Microsoft ISA Server和Forefront TMG都是微软产品家族中的安全组件，可提供防火墙、安全网关等功能。 ISA Server或Forefront TMG中的HTML表单认证组件cookieauth.dll没有正确地对HTTP流执行输入验证，允许恶意脚本代码扮演为运行cookieauth.dll的服务器在其他用户的设备上运行，导致跨站脚本攻击。 Microsoft ISA Server 2006可支持性升级 Microsoft ISA Server 2006 SP1...

Workaround for Microsoft ISA Server TCP State Limited Denial of Service Vulnerability (MS09-016)

A denial of service vulnerability has been reported in Microsoft Internet Security and Acceleration ISA Server. ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN endpoint, and provides Internet Access for...

Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability

Description Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service vulnerability. A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become unresponsive, denying service legitimate users. Technologies Affected...

MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759)

The version of Microsoft ISA Server or Forefront Threat Management Gateway installed on the remote host is affected by one or both of the following vulnerabilities : - By sending a series of specially crafted packets, an anonymous remote attacker can create orphaned open sessions in the firewall...

Preemptive Protection against Microsoft ISA Server Cross-Site Scripting (XSS) Vulnerability (MS09-016)

A cross-site scripting XSS vulnerability has been reported in the cookieauth.dll component in Microsoft Internet Security and Acceleration ISA Server. ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN...

Design/Logic Flaw

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration ISA Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information the destination IP address of another user's session via an empty packet...

Microsoft ISA Server proxy / firewall multiple vulnerabilities

Cache poisoning problem, NetBIOS predefined filter vulnerability...

Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is prone to an information disclosure vulnerability. Reports indicate that the issue manifests when an ISA server is publishing a Web service that has Basic authentication enabled, but the Web publishing rules that process the...

Microsoft ISA Server HTTP Request Smuggling Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is reported prone to a HTTP request smuggling attack. The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header. A remo...

CVE-2004-0892

Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results...

CVE-2004-0892

CVE-2004-0892 describes a spoofing vulnerability in ISA Server 2000 and Proxy Server 2.0 (also in Small Business Server 2000/2003 Premium) where reverse-DNS cache results can be manipulated to spoof trusted Internet content on a crafted page. Connected data confirms the bug exists in these produc...

Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability

Description Microsoft ISA and Proxy Server are reportedly prone to a Web site spoofing vulnerability. Successful exploitation of this issue could allow a remote attacker to spoof a trusted Web site. If a connection were made to the spoofed Web site using SSL, the malicious site would not be able ...

Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability

Description It has been reported that the H.323 filter used by Microsoft ISA Server 2000 is prone to a remote buffer overflow vulnerability. The condition presents itself due to insufficient boundary checks performed by the Microsoft Firewall Service on specially crafted H.323 traffic. Successful...