EUVD-2010-4199

Malware in sbrugna...

SUSE CVE-2006-2658

Directory traversal vulnerability in the xsp component in modmono in Mono/C web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. dot dot sequence in an HTTP request...

SUSE CVE-2006-6104

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...

SUSE CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

SUSE CVE-2010-4225

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21687/info XSP is prone to a source code information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the...

CVE-2010-4225

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

DEBIAN-CVE-2010-4225

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

Code injection

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

CVE-2010-4225

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

CVE-2010-4225

CVE-2010-4225 concerns the mod_mono XSP component in Mono 2.8.x before 2.8.2. The issue is an unloading-bug that enables remote attackers to obtain the source code of ASP.NET (.aspx) applications. Affected software is Mono with the mod_mono XSP module; specific impact is source-code disclosure. R...

CVE-2010-4225

Unspecified vulnerability in the modmono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...

Fedora Update for mod_mono FEDORA-2010-10332

Check for the Version of modmono OpenVAS Vulnerability Test Fedora Update for modmono FEDORA-2010-10332 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for xsp FEDORA-2010-10332

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

[SECURITY] Fedora 13 Update: mod_mono-2.6.3-1.fc13

modmono allows Apache to serve ASP.NET pages by proxying the requests to a slightly modified version of the XSP server, called mod-mono-server, that is installed along with XSP...

[SECURITY] Fedora 13 Update: xsp-2.6.4-1.fc13

XSP is a standalone web server written in C that can be used to run ASP.NET applications as well as a set of pages, controls and web services that you can use to experience ASP.NET...

DEBIAN-CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

Design/Logic Flaw

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...

CVE-2007-5473

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...