CVSS: 6.1EPSS: 11%CPEs: 2EXPL: 0CVE-2015-1757
https://notcve.org/view.php?id=CVE-2015-1757
10 Jun 2015 — Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en adfs/ls en Active Directory Federation Services (AD FS) en Microsoft Windows Server 2008 SP2 y R2 SP1 y Server 2012 permite a atacantes remotos inyectar secuencias de comandos web arbi... • http://www.securityfocus.com/bid/75023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 33%CPEs: 8EXPL: 0CVE-2014-6331
https://notcve.org/view.php?id=CVE-2014-6331
11 Nov 2014 — Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, y 3.0, cuando a un SAML Relying Party configurado le falta un cierre de sesión del en... • http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 26%CPEs: 14EXPL: 0CVE-2013-3868
https://notcve.org/view.php?id=CVE-2013-3868
11 Sep 2013 — Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability." Microsoft Active Directory Lightweight Directory Service (AD LDS) en Windows Vista SP2, Windows Server 2008 SP2, Windows Se... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 21%CPEs: 5EXPL: 0CVE-2013-3185
https://notcve.org/view.php?id=CVE-2013-3185
14 Aug 2013 — Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability." Microsoft Active Directory Federation Services (AD FS) v1.x hasta v2.1 en Windows Server 2003 R2 SP2, Windows Server 2008 SP2 y R2 SP1, y Win... • http://www.us-cert.gov/ncas/alerts/TA13-225A • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 71%CPEs: 4EXPL: 0CVE-2013-1282
https://notcve.org/view.php?id=CVE-2013-1282
09 Apr 2013 — The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability." El servicio LDAP en Microsoft Active Directory, Active Directory Application Mode (ADAM), Servicio de directorio ligero de Active Directory (AD LDS), y servicios de Active Directory... • http://www.us-cert.gov/ncas/alerts/TA13-100A • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-3539
https://notcve.org/view.php?id=CVE-2008-3539
10 Sep 2008 — Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02... • http://marc.info/?l=bugtraq&m=122062779731581&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •