U.S. Dept Of Defense: Two Error-Based SQLi in courses.aspx on ██████████

Summary: The server at ████ contains two SQL injection vulnerabilities in the courses.aspx file. These are error-based SQLi vulnerabilities. The resulting errors reveal seven lines of C code, including inline SQL which reveals internal database information. Note that this is one of two reports I'...

JVN#72586781: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)

The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user. - A ASP.NET NULL byte termination vulnerability could allow an...

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

The remote host is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privileges of the logged-on user. - An ASP.NET NULL byte termination vulnerability could allow an attacker ...

MS05-004: ASP.NET Path Validation Vulnerability (887219)

The remote host is running a version of the ASP.NET framework that could allow an attacker to bypass the security of an ASP.NET website and obtain unauthorized access. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid16333; scriptversion"1.36"; scriptcvsdate"Date:...

ASP.NET Web Frameworks

ASP.NET Web Framework...