Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft active directory services - vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-8340
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows...
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1709
1 Github repository
5
CVSSv2
CVE-2019-1126
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an malicious user to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an malic...
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2019 -
1 Article
4
CVSSv2
CVE-2020-0837
<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factor...
Microsoft Windows 10 1607
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1903
Microsoft Windows 10 1903
Microsoft Windows Server 2016 1909
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows Server 2016 2004
5
CVSSv2
CVE-2018-16794
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
Microsoft Active Directory Federation Services
4 Github repositories
5
CVSSv2
CVE-2013-3185
Microsoft Active Directory Federation Services (AD FS) 1.x up to and including 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote malicious users to obtain sensitive information about the service account, and possibly cond...
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 2.1
9
CVSSv2
CVE-2009-2509
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka &qu...
Microsoft Windows Server 2008
Microsoft Windows Server 2003
6.8
CVSSv2
CVE-2019-0975
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addres...
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1803
1 Article
6.9
CVSSv2
CVE-2009-2508
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate malicious users to obtain the...
Microsoft Windows Server 2003
Microsoft Windows Server 2008
7.2
CVSSv2
CVE-2020-27122
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local malicious user to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrato...
Cisco Identity Services Engine
5
CVSSv2
CVE-2004-0120
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote malicious users to cause a denial of service via malformed SSL messages.
Microsoft Windows 2000
Microsoft Windows 2003 Server R2
Microsoft Windows Xp
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »