.net Security Vulnerabilities


CVE-2007-0025

The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a.....

7.7 AI Score

0.672 EPSS

2007-02-13 08:28 PM

CVE-2007-0766

Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp...

8.1 AI Score

0.032 EPSS

2007-02-06 02:28 AM

CVE-2006-6826

Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security...

6.9 AI Score

0.004 EPSS

2006-12-29 09:28 PM

CVE-2006-6305

Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only...

6.5 AI Score

0.008 EPSS

2006-12-06 10:28 PM

CVE-2006-6133

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted...

7.8 AI Score

0.955 EPSS

2006-11-28 01:07 AM

CVE-2006-5853

Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang...

5.9 AI Score

0.012 EPSS

2006-11-10 02:07 AM

CVE-2006-4704

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI...

6.9 AI Score

0.96 EPSS

2006-11-01 03:07 PM

CVE-2006-5521

PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir...

7.9 AI Score

0.153 EPSS

2006-10-26 04:07 PM

CVE-2006-3436

Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to...

5.4 AI Score

0.914 EPSS

2006-10-10 09:07 PM

CVE-2006-1300

Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by...

6.5 AI Score

0.837 EPSS

2006-07-11 09:05 PM

CVE-2006-2952

Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to...

6.7 AI Score

0.008 EPSS

2006-06-12 08:06 PM

CVE-2006-1965

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in...

6 AI Score

0.008 EPSS

2006-04-21 10:02 AM

CVE-2006-1921

nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host...

7.8 AI Score

0.031 EPSS

2006-04-20 06:06 PM

CVE-2006-1510

Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static...

7.6 AI Score

0.006 EPSS

2006-03-30 01:06 AM

CVE-2006-1511

Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long...

7.7 AI Score

0.079 EPSS

2006-03-30 01:06 AM

CVE-2006-1416

Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question...

5.9 AI Score

0.004 EPSS

2006-03-28 08:02 PM

CVE-2006-0187

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project...

7.3 AI Score

0.019 EPSS

2006-01-12 11:00 AM

CVE-2006-0078

Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b)...

5.8 AI Score

0.044 EPSS

2006-01-04 11:00 AM

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

7.8 AI Score

0.543 EPSS

2005-08-19 04:00 AM

CVE-2005-2177

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite...

6.2 AI Score

0.075 EPSS

2005-07-11 04:00 AM

CVE-2005-1803

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter...

6 AI Score

0.003 EPSS

2005-06-01 04:00 AM

CVE-2005-1740

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink...

6.5 AI Score

0.0004 EPSS

2005-05-24 04:00 AM

CVE-2005-1240

Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET...

7.2 AI Score

0.004 EPSS

2005-04-24 04:00 AM

CVE-2005-0509

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and...

5.9 AI Score

0.012 EPSS

2005-03-14 05:00 AM

CVE-2004-0851

The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allow local users to overwrite arbitrary files via a symlink attack on temporary...

6.2 AI Score

0.0004 EPSS

2005-02-13 05:00 AM

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy...

7.6 AI Score

0.957 EPSS

2004-09-28 04:00 AM

CVE-2002-0864

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote...

6.5 AI Score

0.055 EPSS

2004-09-01 04:00 AM

CVE-2002-1170

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL...

6.6 AI Score

0.015 EPSS

2004-09-01 04:00 AM

CVE-2004-0204

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers...

6.8 AI Score

0.966 EPSS

2004-08-06 04:00 AM

CVE-2003-0935

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be...

6.3 AI Score

0.003 EPSS

2003-12-01 05:00 AM

CVE-2002-0369

Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer...

8 AI Score

0.052 EPSS

2003-04-02 05:00 AM

CVE-2002-0863

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP...

6.5 AI Score

0.023 EPSS

2002-10-11 04:00 AM

CVE-2002-0409

orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID...

7.2 AI Score

0.946 EPSS

2002-07-26 04:00 AM

CVE-2001-0680

Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls)...

6.6 AI Score

0.172 EPSS

2002-03-09 05:00 AM

CVE-2000-0739

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment...

6.7 AI Score

0.019 EPSS

2002-03-09 05:00 AM

CVE-2000-0740

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS...

7.8 AI Score

0.032 EPSS

2002-03-09 05:00 AM

CVE-2000-0741

Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA...

7.7 AI Score

0.018 EPSS

2002-03-09 05:00 AM

CVE-2001-0681

Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2)...

7.3 AI Score

0.003 EPSS

2001-09-20 04:00 AM

CVE-1999-1539

Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2)...

8.1 AI Score

0.128 EPSS

2001-09-12 04:00 AM

CVE-2001-0443

Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long...

8.2 AI Score

0.005 EPSS

2001-07-02 04:00 AM

CVE-2000-0528

Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other...

7.1 AI Score

0.006 EPSS

2000-10-13 04:00 AM

CVE-2000-0009

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary...

7.4 AI Score

0.0004 EPSS

2000-10-13 04:00 AM

CVE-2000-0529

Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP...

7 AI Score

0.012 EPSS

2000-10-13 04:00 AM

Total number of security vulnerabilities: 593