6554 matches found
CVE-2015-6115
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."...
CVE-2015-6099
Cross-site scripting XSS vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."...
CVE-2015-6096
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka ".NET Information Disclosu...
Cross site scripting
Cross-site scripting XSS vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."...
Information disclosure
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka ".NET Information Disclosu...
CVE-2015-6115
CVE-2015-6115 is a security feature bypass in Microsoft .NET Framework driven by a vulnerable DLL not compiled with ASLR. A crafted web site could cause the vulnerable DLL to load, enabling an attacker to bypass ASLR protections and potentially bypass memory safety checks. Affected products inclu...
CVE-2015-6099
CVE-2015-6099 is an XSS vulnerability in ASP.NET within Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6. The IBM/KB data confirms the issue stems from improper input handling/neutralization in web page generation, enabling remote attackers to inject arbitrary script via crafted values. Aff...
CVE-2015-6115
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."...
CVE-2015-6096
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka ".NET Information Disclosu...
CVE-2015-6096
CVE-2015-6096 affects Microsoft .NET Framework 2.0 SP2 onward to 4.6. The root cause is an XML DTD parser vulnerability that allows an external entity declaration to be processed with an entity reference, enabling an attacker to read local files (XXE information disclosure). The connected advisor...
Microsoft .NET Framework Privilege Elevation Vulnerabilities (3104507)
This host is missing an important security update according to Microsoft Bulletin MS15-118. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 (KB3098780)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Security Update for Microsoft .NET Framework 4.6 on Windows 8 (KB3098784)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Security Update for Microsoft .NET Framework 4.6 on Windows 8 and Windows Server 2012 x64 (KB3098784)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Microsoft .NET Framework CVE-2015-6096 XML Handling Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.5 Microso...
KLA10695 Multiple vulnerabilities in Microsoft .NET Framework
Multiple serious vulnerabilities have been found in Microsoft .NET Framework. Malicious users can exploit these vulnerabilities to bypass security restrictions,. Below is a complete list of vulnerabilities 1. Erroneous XML parsing at Document Type Definition can be exploited remotely via a...
Microsoft .NET Framework CVE-2015-6115 ASLR Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Microsoft .NET Framework 2.0 SP2...
MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
The remote Windows host has a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the .NET Framework due to improper DTD parsing of crafted XML files. An unauthenticated, remote attacker can exploit this, via a...
MS15-118: Security update for the .NET Framework to address elevation of privilege: November 10, 2015
Resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an attacker injects a client-side script into a user's browser.February 9, 2016 This security update has been rereleased and contains an updated article. We...
MS KB2960358: Update for Disabling RC4 in .NET TLS
The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS. Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected. C Tenable Network Security, Inc...