10 matches found
CVE-2011-3416
CVE-2011-3416 affects Microsoft .NET Framework's ASP.NET Forms Authentication, allowing remote authenticated users to obtain access to arbitrary user accounts via a crafted username. Affected: .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. The issue is addressed by MS11-100; vulnerable...
CVE-2011-3414
CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...
CVE-2011-3417
The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...
CVE-2009-0229
The CVE-2009-0229 vulnerability affects the Windows Print Spooler across multiple Windows variants (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2). It is a local information-disclosure flaw where a crafted Separator Page enables local users to read arbitrary files ...
CVE-2010-1734
The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...
CVE-2011-3415
CVE-2011-3415 is an open redirect vulnerability in the ASP.NET Forms Authentication component of Microsoft .NET Framework (2.0 SP2, 3.5 SP1, 3.5.1, 4.0). The issue arises during return URL validation in the login flow, allowing remote attackers to redirect victims to arbitrary sites and potential...
CVE-2010-0233
CVE-2010-0233 – Windows kernel double free vulnerability : Elevation of privilege via a double free in the Windows Kernel when freeing memory. Affected: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold, SP1, SP2); Server 2008 (Gold SP2); and related editions. Root cause: improper memory...
CVE-2010-3227
CVE-2010-3227 describes a remote code execution vulnerability in the Microsoft Foundation Class (MFC) library: a stack-based buffer overflow in UpdateFrameTitleForDocument() within CFrameWnd of mfc42.dll (and affected MFC components across Windows XP SP3, Server 2003, Vista, Server 2008, and Wind...
CVE-2010-1735
The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...
CVE-2008-4323
CVE-2008-4323 affects Windows XP SP3: Windows Explorer may crash (DoS) when handling a specially crafted .ZIP file. The vulnerability is described as user-assisted (not remote) and affects Explorer functionality, with no details on a patch or workaround provided in the connected documents. No add...