Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)

This host is missing a critical security update according to Microsoft Bulletin MS09-036. OpenVAS Vulnerability Test $Id: gbms09-036.nasl 5368 2017-02-20 14:34:16Z cfi $ Microsoft Windows ASP.NET Denial of Service Vulnerability970957 Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networ...

DotNetNuke CMS Cross Site Scripting

PR10-19 DotNetNuke CMS XSS Advisory publicly released: Friday, 3 December 2010 Vulnerability found: Saturday, 30 October 2010 Vendor informed: Monday, 1 November 2010 Severity level: Low/Medium Credits Richard Brain of ProCheckUp Ltd www.procheckup.com Description DotNetNuke is a Content Manageme...

rsaDotNetCompilation

Проект: rsaDotNetCompilation Версия: 1.0 Разработчик: rsaReliableS Язык: .Net C 2.0 Описание: компилятор для языков Visual C и Visual Basic. Возможно вводить код вручную либо загружать файл. Поддерживаются компиляторы 2.0 \ 3.5. Идея создания: для компиляции не нужно громоздких IDE Visual Studio ...

MS10-070 ASP.NET Padding Oracle File Download

MS10-070 ASP.NET Padding Oracle信息泄露漏洞 1.漏洞描述。 ASP.NET由于加密填充验证过程中处理错误不当，导致存在一个信息泄漏漏洞。成功利用此漏洞的攻击者可以读取服务器加密的数据，例如视图状态。 此漏洞还可以用于数据篡改，如果成功利用，可用于解密和篡改服务器加密的数据。 虽然攻击者无法利用此漏洞来执行恶意攻击代码或直接提升他们的用户权限，但此漏洞可用于信息搜集，这些信息可用于进一步攻击受影响的系统。 也就是说虽然不能直接getshell，但是理论上可以读取任意文件，包括数据库配置文件。 2.漏洞标识符： CVE： CVE-2010-3332 3.受影响...

Microsoft .NET Framework JIT编译器优化远程代码执行漏洞（MS10-077）

BUGTRAQ ID: 43781 CVE ID: CVE-2010-3228 Microsoft .NET Framework是一个流行的软件开发工具包。 NET Framework中的JIT编译器在优化代码时存在漏洞，当用户访问承载了特制XBAP的网页时就可能触发内存破坏，导致执行任意代码。此漏洞仅影响x64和Itanium架构。 Microsoft .NET Framework 4.0 临时解决方法： 禁用部分受信任的Microsoft .NET应用： caspol –pp off caspol –m –resetlockdown caspol –pp on 在Internet...

CVE-2010-3228

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."...

Memory corruption

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."...

CVE-2010-3228

The CVE-2010-3228 issue is a remote code execution vulnerability in the .NET Framework 4.0 JIT compiler on x64/Itanium. The root cause is incorrect optimizations in the JIT that lead to memory corruption when XBAPs or specially crafted Web content are processed. Exploitation requires a user to vi...

CVE-2010-3228

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."...

MS10-077: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)

The JIT compiler included with the version of the .NET Framework installed on the remote host optimizes code based on an incorrect assessment. If an attacker can trick a user on the affected host into viewing a specially crafted web page using a Web browser that can run XAML Browser Applications...

PT-2010-4664 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework version 4.0 Description: A remote code execution issue exists in the Microsoft .NET Framework, specifically affecting the x64 and Itanium architectures. This is due to improper optimizations by the JIT compiler,...

Microsoft Security Bulletin MS10-077 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) Published: October 12, 2010

Microsoft Security Bulletin MS10-077 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution 2160841 Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft .NET Framework. Th...

Microsoft Releases Huge Patch Tuesday Update For 49 Bugs

Microsoft has released its largest-ever bundle of patches, pushing out 16 updates that fix a total of 49 individual vulnerabilities. The patches include updates for six critical vulnerabilities, most notably a huge fix for some remote code-execution bugs in various versions of Internet Explorer...

Microsoft Releases October Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Server Software, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2010. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensiti...

Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability

Description The Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the currently logged-in user or the service account associated with an application pool identity. Failed exploit...

MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) (uncredentialed check)

There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework...

Microsoft Plans Record-Breaking Patch Tuesday

This month’s batch of security patches from Microsoft will be a record-breaking one: 16 bulletins addressing a whopping 49 security vulnerabilities. According to the company’s advance notice, four of the 16 bulletins will be rated “critical,” Microsoft’s highest severity rating. Microsoft rates a...

MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

There is an information disclosure vulnerability in ASP.NET, part of the .NET framework. Information can be leaked due to improper error handling during encryption padding. A remote attacker could exploit this to decrypt and modify an ASP.NET application's server-encrypted data. In .NET Framework...

CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka VIEWSTATE for...

Buffer overflow

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services IIS, provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State aka VIEWSTATE for...