Microsoft .NET Framework Remote Code Execution Vulnerability (3000414)

This host is missing a critical security update according to Microsoft Bulletin MS14-057. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the application; this can result in the attacker gaining complete control of the affected system. Technologies Affecte...

Microsoft .NET ClickOnce Elevation of Privilege (MS14-057; CVE-2014-4073)

A remote code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles elevation of privilege. A remote attacker could exploit this vulnerability by elevating privileges on the targeted system...

Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...

Microsoft .NET Framework 'iriParsing' Remote Code Execution Vulnerability

Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Technologies Affected...

CVE-2014-4072

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service resource consumption and ASP.NET performance degradation via crafted requests, aka ".NET Framewo...

CVE-2014-4072

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service resource consumption and ASP.NET performance degradation via crafted requests, aka ".NET Framewo...

Microsoft .NET Framework Denial of Service Vulnerability (2990931)

This host is missing an important security update according to Microsoft Bulletin MS14-053. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web application running on the affected system. Note that ASP.NET is not install...

Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2894855)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Microsoft .NET Framework CVE-2014-4072 Remote Denial of Service Vulnerability

Description Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to degrade the performance of a .NET-enabled website, causing a denial of service condition. Technologies Affected Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framewor...

Microsoft .NET Framework Security Bypass Vulnerability (2984625)

This host is missing an important security update according to Microsoft Bulletin MS14-046. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2014-4062

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."...

Microsoft .NET Framework CVE-2014-4062 ASLR Security Bypass Vulnerability

Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya Conferencing Standard Editio...

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that could allow an attacker to bypass the Address Space Layout Randomization ASLR security feature. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid77164;...

Microsoft .NET Framework SDK 1.0/1.1 MSIL Tools Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/17243/info Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or...

Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24791/info Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. An attacker can exploit these issues to access sensitive information...

Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)

This host is missing an important security update according to Microsoft Security Advisory 2960358. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

Design/Logic Flaw

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...