Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability

Description Microsoft ASP.NET is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application pool on the affected webserver to become unresponsive, denying service to legitimate users. NOTE: This issue only affects ASP.NET on webservers running IIS 7 in...

Authentication flaw

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

Microsoft DirectX DirectShow QuickTime movie parsing vulnerability

Added: 06/03/2009 CVE: CVE-2009-1537 BID: 35139 OSVDB: 54797 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A command execution...

Microsoft DirectX DirectShow QuickTime movie parsing vulnerability

Added: 06/03/2009 CVE: CVE-2009-1537 BID: 35139 OSVDB: 54797 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A command execution...

Microsoft Security Bulletin MS06-056

A cross-site scripting vulnerability exists in a server running a vulnerable version of the .Net Framework 2.0 that could inject a client side script in the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected web site...

Microsoft Security Bulletin MS07-040

Microsoft .NET is affected by multiples criticals vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. OpenVAS Vulnerability Test $Id:...

Microsoft Security Bulletin MS06-056

A cross-site scripting vulnerability exists in a server running a vulnerable version of the .Net Framework 2.0 that could inject a client side script in the user SPDX-FileCopyrightText: 2009 Christian Eric Edjenguele Some text descriptions might be excerpted from a referenced sources, and are...

Code injection

The strong name SN implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache GAC and Code...

CVE-2008-5100

CVE-2008-5100 concerns the strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 . The description in multiple connected sources states that SN validation relies on the Public Key Token embedded in the DLL’s pathname rather than the file’s own digital signature. This design flaw c...

Cross site scripting

Request Validation aka the ValidateRequest filters in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a query string containing a "/" less-th...

MS.NET Framework vulnerability exists there is no patch-vulnerability warning-the black bar safety net

Microsoft . NET Framework is a popular software development tool kit. . NET Framework in processing within the block request when there is vulnerability, an attacker could exploit this vulnerability to inject script code execution. . NET Framework not correctly filter embedded. NET request,...

.NET JIT Compiler Vulnerability

The remote host is affected by the vulnerabilitys described in CVE-2007-0043 Checking if System.web.dll version is less than 2.0.50727.832 OpenVAS Vulnerability Test $Id: winCVE-2007-0043.nasl 5661 2017-03-21 11:39:13Z cfi $ Description: .NET JIT Compiler Vulnerability Authors: Carsten Koch-Mauth...

Mono System.Math BigInteger整数溢出漏洞

BUGTRAQ ID: 26279 CVECAN ID: CVE-2007-5197 Mono是基于.NET框架的开源开发平台，允许开发人员构建Linux和跨平台的应用。 Mono的Mono.Math.BigInteger类在实现BigInteger数据类型时存在整数溢出漏洞，允许本地攻击者执行任意指令。 Mono Mono 2.0 Mono Mono 1.x 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1397-1）以及相应补丁: DSA-1397-1：New mono packages fix integer overflow...

Microsoft .NET Framework JIT编译器远程溢出漏洞（MS07-040）

BUGTRAQ ID: 24811 CVECAN ID: CVE-2007-0043 Microsoft .NET Framework是一个流行的软件开发工具包。 .NET Framework JIT编译器处理包含恶意数据的网页时存在漏洞，远程攻击者可能利用此漏洞控制用户系统。 .NET Framework...

Microsoft .NET Framework PE加载器远程溢出漏洞（MS07-040）

BUGTRAQ ID: 24778 CVECAN ID: CVE-2007-0041 Microsoft .NET Framework是一个流行的软件开发工具包。 .NET Framework PE加载器处理包含畸形数据的PE文件时存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 .NET Framework...

dotnet-nullbyte.txt

======================================================================== = Multiple .NET Null Byte Injection Vulnerabilities = = Vendor Website: = http://www.microsoft.com = = Affected Version: = .NET FrameWork v1.1 SP1 = .NET FrameWork v2.0.50727 = = Vendor Notified - October, 2006 = Public...