13 matches found
CVE-2010-2085
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks via the VIEWSTATE parameter...
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
CVE-2013-1330
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC...
Default configuration
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC...
CVE-2013-1330
CVE-2013-1330 is described as a vulnerability in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1/SP2, and Office Web Apps 2010 where the EnableViewStateMac attribute is not enabled by default. This permits remote code execution via an unassigned...
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
Microsoft .NET is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
CVE-2010-2085
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks via the VIEWSTATE parameter...
CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
CVE-2010-2085
CVE-2010-2085 affects Microsoft .NET / ASP.NET prior to 1.1, where the default EnableViewStateMac is FALSE, allowing remote attackers to perform cross-site scripting via the __VIEWSTATE parameter. This is corroborated by multiple connected sources (Red Hat advisory, OpenVAS entry, and OpenVAS/SSV...
CVE-2010-1459
CVE-2010-1459 concerns Mono’s ASP.NET implementation where the default EnableViewStateMac setting was FALSE prior to version 2.6.4, enabling remote attackers to conduct XSS via the __VIEWSTATE parameter (e.g., in XSP sample project). The initial description confirms the XSS vector and affected co...
CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...