CVE-2010-3332

CVE-2010-3332 describes an ASP.NET padding oracle vulnerability in the .NET Framework when used with IIS, where detailed error information during decryption could enable a remote attacker to decrypt and modify __VIEWSTATE data and potentially forge cookies or read application files. The issue aff...

CVE-2010-1898

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote...

Design/Logic Flaw

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote...

CVE-2010-1898

CVE-2010-1898 is a remote code execution vulnerability in the Microsoft .NET CLR handling delegates to virtual methods, affecting CLR-based apps and Silverlight. The issue enables arbitrary code execution via three attack scenarios: XBAPs (XAML browser applications), ASP.NET pages, or standalone ...

CVE-2010-1898

The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote...

Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)

This host is missing a critical security update according to Microsoft Bulletin MS10-060. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Security Bulletin MS10-060 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Microsoft Security Bulletin MS10-060 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution 2265906 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves two...

Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)

This host is missing a critical security update according to Microsoft Bulletin MS10-060. OpenVAS Vulnerability Test $Id: secpodms10-060.nasl 5361 2017-02-20 11:57:13Z cfi $ Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability 2265906 Authors: Antu Sanadi Updated By: Madhuri...

Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability

Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service...

Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)

This host is missing a critical security update according to Microsoft Bulletin MS10-041. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)

This host is missing a critical security update according to Microsoft Bulletin MS10-041. OpenVAS Vulnerability Test $Id: secpodms10-041.nasl 5361 2017-02-20 11:57:13Z cfi $ Microsoft .NET Framework XML HMAC Truncation Vulnerability 981343 Authors: Antu Sanadi Updated By: Madhuri D on 2010-11-15 ...

MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted...

Microsoft Security Bulletin MS10-041 - Important Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

Microsoft Security Bulletin MS10-041 - Important Vulnerability in Microsoft .NET Framework Could Allow Tampering 981343 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The...

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevate...

Microsoft .NET Framework 3.5 ViewState远程跨站脚本漏洞

CVE ID: CVE-2010-2088,CVE-2010-2085 .NET Framework中的ASP.NET没有正确地处理未经加密的ViewState。通常ASP.Net的ViewState存储在名为 VIEWSTATE的隐藏字段中。如果页面的ViewState没有加密签名，就可以对多个标准.Net控件执行跨站脚本攻击。 Microsoft .NET Framework 3.5 厂商补丁： Microsoft --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

ASP. Net under the C/S back door--WebAdmin 2. Y application details-vulnerability warning-the black bar safety net

Hello everyone, don't know you have not used even the WebAdmin 2. X? Well, yeah, the one that ASP. Net environment under the back door. That's my immature works, if have what not hand over the place but also hope bear with me. Oh, today?, or let the coupling to the“Huang po sells melon from sell...

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

Microsoft .NET Framework Pointer Verification Error (MS09-061; CVE-2009-0090)

The Microsoft .NET Framework is a software framework that includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. A remote code execution vulnerability exists in the Microsoft...

Microsoft .NET Framework Type Verification Error (MS09-061; CVE-2009-0090; CVE-2009-0091)

The Microsoft .NET Framework is a software framework that includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. A remote code execution vulnerability exists in the Microsoft...

Microsoft .NET Framework Arbitrary Memory Modification (MS09-061; CVE-2009-2497)

The Microsoft .NET Framework is a software framework that includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. A remote code execution vulnerability exists in the Microsoft...