USN-6480-1 dotnet6, dotnet7, dotnet8 vulnerabilities
Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558) Piotr Bazydlo discovered that .NET did not properly handle...
CVE-2023-36558
A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability t...
ALSA-2023:7258 Moderate: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...
ALSA-2023:7257 Moderate: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...
Moderate: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...
Moderate: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14...
Moderate: dotnet8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fixes: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass...
ALSA-2023:7254 Moderate: dotnet8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fixes: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass...
ALSA-2023:7253 Moderate: dotnet8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fixes: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass...
GHSA-3FX3-85R4-8J3W Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0, and ASP.NET Core 8.0 RC2. This advisory also provides guidance...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass when the Blazor server forms in ASP.NET Core applications are used. An attacker can bypass validation and trigger unintended actions by exploiting this vulnerability. This is only exploitable if the application is ...
HardHatC2 - A C# Command And Control Framework
A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use. HardHat is a multiplayer C# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...
UPDATE: Covenant v0.5
Covenant v0.5, a major update, was released a few hours ago. My last post about this open source, collaborative .NET C2 framework for red teamers was about Covenant v0.4. This is a major update and includes a brand new .NET Core cross-platform implant “Brute” that can be run on Windows, Linux, or...