CVE-2015-1757
https://notcve.org/view.php?id=CVE-2015-1757
Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."
• http://www.securityfocus.com/bid/75023 http://www.securitytracker.com/id/1032526 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-6331
https://notcve.org/view.php?id=CVE-2014-6331
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
• http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx http://www.securityfocus.com/bid/70938 http://www.securitytracker.com/id/1031195 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-077
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3868
https://notcve.org/view.php?id=CVE-2013-3868
Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability."
• http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-079
• CWE-20: Improper Input Validation
CVE-2013-3185
https://notcve.org/view.php?id=CVE-2013-3185
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
• http://www.us-cert.gov/ncas/alerts/TA13-225A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18318
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1282
https://notcve.org/view.php?id=CVE-2013-1282
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."
• http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16463
• CWE-20: Improper Input Validation