Lucene search

K
MicrosoftWindows Xpsp3

10 matches found

CVE
CVE
added 2011/12/30 1:55 a.m.777 views

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

8.5CVSS6AI score0.86632EPSS
CVE
CVE
added 2011/12/30 1:55 a.m.125 views

CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which ...

7.8CVSS6.4AI score0.76674EPSS
CVE
CVE
added 2011/12/30 1:55 a.m.82 views

CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka ...

9.3CVSS6.5AI score0.64978EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.65 views

CVE-2009-0229

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

4.9CVSS7AI score0.03494EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.64 views

CVE-2010-0233

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

7.2CVSS6.2AI score0.00512EPSS
CVE
CVE
added 2011/12/30 1:55 a.m.63 views

CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NE...

6.8CVSS6.5AI score0.48863EPSS
CVE
CVE
added 2010/05/06 12:47 p.m.62 views

CVE-2010-1734

The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9CVSS6.3AI score0.00815EPSS
CVE
CVE
added 2010/10/26 10:0 p.m.53 views

CVE-2010-3227

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 all...

9.3CVSS7.8AI score0.54804EPSS
CVE
CVE
added 2010/05/06 12:47 p.m.52 views

CVE-2010-1735

The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.

4.9CVSS6.3AI score0.00756EPSS
CVE
CVE
added 2008/09/29 8:9 p.m.36 views

CVE-2008-4323

Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.

4.3CVSS6.3AI score0.08035EPSS