1392 matches found
Design/Logic Flaw
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...
Design/Logic Flaw
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, ...
Null pointer dereference
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a...
CVE-2009-0091
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...
Microsoft .Net multiple security vulnerabilities
Multiple vulnerabilities allow escape from sandbox environment...
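Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability (MS09-059)
Bugtraq ID: 36611 CVE ID: CVE-2009-0090 Microsoft .NET Framework is a popular software development kit. A remote code execution vulnerability exists in Microsoft .NET Framework that allows a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer in use; the malicious Microsoft .NET application can then use this pointer to modify legitimate values later placed on the stack, leading to arbitrary unmanaged code execution. No detailed vulnerability information is currently available. Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NE...
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability (MS09-059)
Bugtraq ID: 36617 CVE ID: CVE-2009-0091 Microsoft .NET Framework is a popular software development kit. A remote code execution vulnerability exists in Microsoft .NET Framework that allows a malicious Microsoft .NET application to bypass a type-equality check; by assigning an object of one type to another type, the malicious Microsoft .NET application can cause arbitrary unmanaged code execution. No detailed vulnerability information is currently available. Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NET Framework 3.x...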
MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack...
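Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability (MS09-059)
Bugtraq ID: 36611 CVE ID: CVE-2009-0090 Microsoft .NET Framework is a popular software development kit. A remote code execution vulnerability exists in Microsoft .NET Framework that allows a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer in use; the malicious Microsoft .NET application can then use this pointer to modify legitimate values later placed on the stack, leading to arbitrary unmanaged code execution. No detailed vulnerability information is currently available. Microsoft .NET Framework 1.x Microsoft .NET Framework 2.x Microsoft .NE...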
Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...
Denial of service
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote...
CVE-2009-1536
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote...
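Microsoft .NET Framework Request Scheduling Remote Denial of Service Vulnerability (MS09-036)
BUGTRAQ ID: 35985 CVE (CAN) ID: CVE-2009-1536 Microsoft .NET Framework is a popular software development kit. A denial-of-service vulnerability exists in the way ASP.NET manages request scheduling. An attacker can create specially crafted anonymous HTTP requests that cause the affected web server to become unresponsive until the associated application pool is restarted. The vulnerable code in Microsoft .NET Framework is exposed only through IIS 7.0. On systems not running IIS 7.0, this vulnerability cannot be exploited. Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 Microsof...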
Authentication flaw
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Microsoft .NET ViewState Detection and Decoding
Binary data 7005.pasl...