Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft active directory - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-0040
The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote malicious users to cause a denial of service (authentication downgrade or outage) via a crafted request that trig...
Microsoft Windows 2003 Server
7.2
CVSSv2
CVE-2005-0545
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue...
Microsoft Windows 2000
Microsoft Windows Xp
5
CVSSv2
CVE-2013-3185
Microsoft Active Directory Federation Services (AD FS) 1.x up to and including 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote malicious users to obtain sensitive information about the service account, and possibly cond...
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 2.1
5
CVSSv2
CVE-2018-16794
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
Microsoft Active Directory Federation Services
4 Github repositories
6.8
CVSSv2
CVE-2019-0975
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addres...
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1803
1 Article
9
CVSSv2
CVE-2009-2509
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka &qu...
Microsoft Windows Server 2008
Microsoft Windows Server 2003
2.1
CVSSv2
CVE-2000-0311
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
Microsoft Windows 2000
5
CVSSv2
CVE-2003-0663
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote malicious users to cause a denial of service via a crafted LDAP message.
Microsoft Windows 2000
5
CVSSv2
CVE-2005-3169
Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow malicious ...
Microsoft Windows 2000
6.9
CVSSv2
CVE-2009-2508
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate malicious users to obtain the...
Microsoft Windows Server 2003
Microsoft Windows Server 2008
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »