17 matches found
EUVD-2008-0343
Malware in sbrugna...
EUVD-2023-40506
Malicious code in bioql PyPI...
EUVD-2018-0698
Malicious code in bioql PyPI...
CVE-2020-5268
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...
CVE-2010-2085
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks via the VIEWSTATE parameter...
ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code
Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer tools. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Spoofing Access to sensitive data...
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity. Research uncovered th...
SelectSurvey CMS (ASP.NET) Arbitrary File Upload Vulnerability
Exploit for asp platform in category web applications ============================================================= SelectSurvey CMS ASP.NET Shell Upload Vulnerability ============================================================= Exploit Title: SelectSurvey.NETv4 CMS ASP.NET Shell Upload...
Exploit Code Released for ASP.NET Flaw
A few days after MIcrosoft released a patch to fix a vulnerability in ASP.NET that could enable a denial-of-service attack, someone has released exploit code for the vulnerability. The proof-of-concept exploit code was posted to the Full Disclosure mailing list and is available for download from...
Microsoft issues Advisory on ASP.NET Hole
Microsoft has issued a security advisory for a recently disclosed vulnerability in the ASP.NET that could leave millions of Web pages vulnerable to attack. The company on Friday released Security Advisory 2416728 addressing the ASP.NET security hole, which was first disclosed by researchers at th...
MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
The remote host is running a version of the .NET Framework component of Microsoft Windows that is suspectible to a denial of service attack due to the way ASP.NET manages request scheduling. Using specially crafted anonymous HTTP requests, an anonymous, remote attacker can cause the web server to...
CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...
Microsoft ASP.NET fails to perform proper canonicalization
Overview Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents. Description Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to...
MS02-026: ASP.NET Worker Process StateServer Mode Remote Overflow (322289)
The remote ASP.NET installation might be vulnerable to a buffer overflow when an application enables StateServer mode. An attacker could use it to cause a denial of service or run arbitrary code with the same privileges as the process being exploited typically an unprivileged account. C Tenable...
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains buffer overflow in routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page.A remotely exploitable buffer...
Microsoft ASP.NET Malformed File Request Path Disclosure
ASP.NET is vulnerable to a path disclosure attack. This allows an attacker to determine where the remote web root is physically stored in the remote file system, hence gaining more information about the remote system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...