12 matches found
CVE-2010-2733
This CVE-2010-2733 entry concerns a non-persistent cross-site scripting (XSS) vulnerability in Forefront UAG Web Monitor across 2010 Gold, Update 1, and Update 2. The issue is documented under Microsoft MS10-089, which addresses multiple UAG vulnerabilities (CVE-2010-2732, CVE-2010-2733, CVE-2010...
CVE-2010-2732
CVE-2010-2732 is an open redirect spoofing vulnerability in Forefront UAG 2010 (Gold), Update 1, and Update 2. The issue arises when the UAG web interface fails to validate redirects, allowing an attacker to redirect users to a malicious site via a specially crafted URL, potentially capturing cre...
CVE-2011-1969
CVE-2011-1969 affects Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 through the MicrosoftClient.jar Java applet. The issue arises because the signed Java applet loads unsigned Java classes, which can be exploited to execute arbitrary code on client machin...
CVE-2012-0147
Microsoft Forefront UAG 2010 SP1 and SP1 Update 1 expose an information-disclosure vulnerability due to improper/default web site configuration, allowing unauthenticated remote access to sensitive web content via crafted HTTPS requests (CVE-2012-0147). Connected sources confirm this is part of th...
CVE-2012-0146
CVE-2012-0146 affects Microsoft Forefront UAG 2010 SP1 and SP1 Update 1. An open redirect vulnerability allows remote attackers to redirect users to arbitrary sites via a crafted URL (phishing risk). Root cause is improper redirect handling in UAG’s web flow. Exploitation is possible remotely; ...
CVE-2011-1895
Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...
CVE-2010-2734
CVE-2010-2734 is a non-persistent cross-site scripting (XSS) vulnerability in the Forefront Unified Access Gateway (UAG) mobile portal. According to the MS10-089 bulletin, it affects UAG 2010, Update 1, and Update 2, and could allow an attacker to inject script via specially crafted input that ru...
CVE-2011-1897
CVE-2011-1897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Forefront UAG 2010 Gold, Update 1, Update 2, and SP1 (the issue is identified as the Default Reflected XSS Vulnerability). Public sources in the provided set confirm the vulnerability is addressed by Microsoft MS11-07...
CVE-2010-3936
CVE-2010-3936 is an XSS in Signurl.asp affecting Forefront UAG 2010 (Gold) and Update 1/Update 2. The MS10-089 bulletin (KB2433584/KB2433585/KB2418933) addresses this vulnerability along with related UAG XSS flaws, requiring update installation to mitigate. Exploitation would enable non-persisten...
CVE-2018-12571
CVE-2018-12571 affects Microsoft Forefront Unified Access Gateway 2010. The vulnerability arises in uniquesig0/InternalSite/InitParams.aspx where a comma-separated orig_url list can trigger outbound DNS queries to arbitrary hosts, enabling potential traffic amplification and/or SSRF. POCs and dis...
CVE-2011-2012
Microsoft Forefront UAG 2010 Gold/Update 1/2 and SP1 is affected by CVE-2011-2012 due to improper validation of session cookies, enabling a remote attacker to cause a denial of service (IIS outage) by sending unspecified network traffic. This is part of the MS11-079 set of vulnerabilities and is ...
CVE-2011-1896
CVE-2011-1896 is a reflected XSS in Microsoft Forefront UAG (ExcelTable.aspx) affecting 2010 Gold, Update 1/2, and SP1. Root cause: Web Monitor fails to sanitize some input, allowing arbitrary script execution in the victim’s browser. Documents indicate exploitation could arise from the UAG Web M...