1392 matches found
CVE-2007-0043
CVE-2007-0043 corresponds to the .NET JIT Compiler vulnerability described in MS07-040. Affects Microsoft .NET Framework 1.0/1.1/2.0 on Windows 2000/XP/Server 2003/Vista, due to an unchecked buffer in the JIT compiler that could allow remote code execution when a user is manipulated into visiting...
CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...
CVE-2007-0041
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow...
Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
Description Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits ca...
Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
Description Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits ca...
Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities source: https://www.securityfocus.com/bid/24791/info Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. An attacker can exploit...
Microsoft .Net special DOS device access problem
Request like /AUX/.aspx causes special DOS device access and may lead to DoS conditions with resource exhaustion...
dotnet-bypass.txt
FYI, The following are the technical details for the Microsoft .NET request filtering bypass vulnerability BID 20753: ProCheckUp Security Bulletin This advisory has been published following consultation with UK CPNI formally known as NISCC Title: Microsoft ASP.NET request filtering can be bypasse...
Microsoft .NET request filtering bypass vulnerability (BID 20753)
FYI, The following are the technical details for the Microsoft .NET request filtering bypass vulnerability BID 20753: ProCheckUp Security Bulletin This advisory has been published following consultation with UK CPNI formally known as NISCC Title: Microsoft ASP.NET request filtering can be bypasse...
Microsoft .NET Version Information Disclosure
By requesting a non-existent .aspx file on the remote web server, it is possible to obtain the exact version number of the remote .NET framework. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid24243; scriptversion"1.14";...
Microsoft .NET Framework请求过滤绕过漏洞
Microsoft .NET Framework是一个流行的软件开发工具包。 .NET Framework在处理内嵌请求时存在漏洞,攻击者可能利用此漏洞注入脚本代码执行。 .NET Framework没有正确的过滤内嵌的.NET请求,允许攻击者执行跨站脚本攻击。如果Web应用在向浏览器回显输入前仅仅依赖于.NET请求过滤的话,攻击者就可能通过特制的请求注入脚本代码。 Microsoft .NET Framework 2.0 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Microsoft .NET Framework SDK MSIL工具堆溢出漏洞
Microsoft .NET Framework是一个流行的软件开发工具包。 Microsoft .NET Framework SDK的ildasm在反汇编DLL文件时存在堆溢出漏洞,导致在反汇编特制的DLL时可能出现拒绝服务。 出现异常的部分如下: pvReturn = HeapAlloccrtheap, HEAPZEROMEMORY, size; if pvReturn == NULL cmp dword ptr pvReturn,ebx jne $L19640+1 7C3423B6h pvReturn = HeapAlloccrtheap, HEAPZEROMEMORY, size...
CVE-2006-3436
Cross-site scripting XSS vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true"...
CVE-2006-3436
CVE-2006-3436 is a Microsoft .NET Framework 2.0 ASP.NET XSS vulnerability. The flaw affects ASP.NET controls that set AutoPostBack to true, allowing an attacker to inject client-side script via HTTP requests and potentially cause information disclosure or browser-side actions. Exploitation report...
Microsoft .NET Framework contains a cross-site scripting vulnerability
Overview The Microsoft .NET Framework contains a cross-site scripting vulnerability that may allow an attacker to read or modify data in web pages and cookies. Description The Microsoft .NET Framework is a managed code programming model for Microsoft Windows operating systems. Microsoft ASP.NET i...
Authentication flaw
Microsoft .NET framework 2.0 ASP.NET in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."...
Microsoft ASP.NET Application Folder Information Disclosure Vulnerability
Description ASP.NET is prone to an information-disclosure vulnerability. This issue is due to a failure in the applications to properly validate user-supplied input. An attacker can exploit this issue to retrieve potentially sensitive information. Information retrieved may aid in further attacks...
Buffer overflow
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method...
Buffer overflow
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name...
CVE-2006-1511
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name...