8133 matches found

Prion
added 2011/12/30 1:55 a.m. · 31 views

Authentication flaw

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5 CVSS · 6.5 AI score · 0.52829 EPSS
Exploits 2 · References 3 · Affected Software 4

Cvelist
added 2011/12/30 1:0 a.m. · 37 views

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

6 AI score · 0.52829 EPSS
Exploits 2 · References 3

CVE
added 2011/12/30 1:0 a.m. · 100 views

CVE-2011-3417

The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...

9.3 CVSS · 6.5 AI score · 0.62841 EPSS
Exploits 1 · References 4 · Affected Software 5

Cvelist
added 2011/12/30 1:0 a.m. · 24 views

CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...

6.3 AI score · 0.62841 EPSS
Exploits 1 · References 4

CVE
added 2011/12/30 1:0 a.m. · 833 views

CVE-2011-3416

CVE-2011-3416 affects Microsoft .NET Framework's ASP.NET Forms Authentication, allowing remote authenticated users to obtain access to arbitrary user accounts via a crafted username. Affected: .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. The issue is addressed by MS11-100; vulnerable...

8.5 CVSS · 6 AI score · 0.52829 EPSS
Exploits 2 · References 3 · Affected Software 5

Cvelist
added 2011/12/30 1:0 a.m. · 34 views

CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in...

6.4 AI score · 0.44113 EPSS
Exploits 1 · References 5

OpenVAS
added 2011/12/30 12:0 a.m. · 80 views

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

This host is missing a critical security update according to Microsoft Bulletin MS11-100. OpenVAS Vulnerability Test $Id: secpodms11-100.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerabilities in .NET Framework Could Allow Elevation of Privilege 2638420 Authors: Sooraj KS Copyright: Copyright c 2011...

9.3 CVSS · 0.8 AI score · 0.7197 EPSS
Exploits 5 · References 6

OpenVAS
added 2011/12/30 12:0 a.m. · 80 views

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

This host is missing a critical security update according to Microsoft Bulletin MS11-100. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS · 5 AI score · 0.7197 EPSS
Exploits 5 · References 6

Microsoft KB
added 2011/12/29 12:0 a.m. · 200 views

MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011

This article contains details for the ASP.NET update for the .NET Framework. Introduction: Microsoft has released security bulletin MS11-100. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

9.3 CVSS · 0.3 AI score · 0.7197 EPSS
Exploits 4

Positive Technologies
added 2011/12/29 12:0 a.m. · 3 views

PT-2011-4444 · Microsoft · .Net Framework +1

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.1 SP1 through 4.0 Description: The issue arises from the Forms Authentication feature in the ASP.NET subsystem when sliding expiry is enabled, leading to improper handling of cached content. This allows...

9.3 CVSS · 6.2 AI score · 0.62841 EPSS
Exploits 1 · References 7

Tenable Nessus
added 2011/12/29 12:0 a.m. · 371 views

MS11-100: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

The remote Windows host is running a version of the Microsoft ASP.NET Framework that has multiple vulnerabilities. These include: - A flaw exists in the way ASP.NET generates hash tables for user-supplied values. By sending a small number of specially crafted posts to an ASP.NET server, an attack...

9.3 CVSS · 5.9 AI score · 0.7197 EPSS
Exploits 5 · References 7

Positive Technologies
added 2011/12/29 12:0 a.m. · 5 views

PT-2011-4442 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP2 through 4.0 Description: The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL. A spoofing vulnerability exists in the way th...

6.8 CVSS · 7.1 AI score · 0.44113 EPSS
Exploits 1 · References 8

NVD
added 2011/12/16 11:55 a.m. · 10 views

CVE-2011-4736

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in loginup.php3 and certain other files...

5 CVSS · 6.4 AI score · 0.0025 EPSS
Exploits 0 · References 2

ThreatPost
added 2011/12/14 4:10 p.m. · 10 views

Think Safer

Not even a techno-religion is immune from security snafus, as the folks at Apple are steadily discovering. After years of watching the bad guys use crimeware kits like Zeus against Microsoft, the iGang finally got a malware construction tool to call its own in May of this year. Modeled on the...

0.3 AI score
Exploits 0 · References 2

OpenVAS
added 2011/12/07 12:0 a.m. · 22 views

Oracle Application Server 9.0.x - 9.0.4.2, 10.1.2.0.x - 10.1.2.0.2 Multiple Unspecified Vulnerabilities (cpujan2006)

Oracle Application Server AS is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS · 5.9 AI score · 0.01989 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2011/11/17 12:0 a.m. · 1226 views

CGI Generic Cross-Site Request Forgery Detection (potential)

Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery XSRF protection. The web application might be vulnerable to XSRF attacks. Note that : - Nessus did not exploit the flaw. - Nessus cannot...

5.5 AI score
Exploits 0 · References 1

Tenable Nessus
added 2011/11/08 12:0 a.m. · 11 views

Debian DSA-2338-1 : moodle - several vulnerabilities

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...

5 AI score
Exploits 0 · References 8

OSV
added 2011/11/07 12:0 a.m. · 44 views

DSA-2338-1 moodle - several

Bulletin has no description...

6.8 CVSS · 6 AI score · 0.00455 EPSS
Exploits 0

NVD
added 2011/09/24 12:55 a.m. · 13 views

CVE-2011-3776

phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php...

5 CVSS · 6.1 AI score · 0.00319 EPSS
Exploits 0 · References 4

Prion
added 2011/09/24 12:55 a.m. · 10 views

Information disclosure

phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php...

5 CVSS · 6.6 AI score · 0.00319 EPSS
Exploits 0 · References 4 · Affected Software 1