Vulnerabilities for 'Asp.net'

2017-05-12
 
CVE-2017-0256

 

 
A spoofing vulnerability exists when ASP.NET Core fails to properly sanitize web requests.

 
 
CVE-2017-0249

 

 
An elevation of privilege vulnerability exists when ASP.NET Core fails to properly sanitize web requests.

 
 
CVE-2017-0247

 

 
A denial of service vulnerability exists when ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

 
2010-05-27
 
CVE-2010-2088

CWE-79
 

 
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

 
 
CVE-2010-2084

CWE-79
 

 
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

 
2008-01-17
 
CVE-2008-0333

CWE-22
 

 
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

 
2006-03-23
 
CVE-2006-1364

 

 
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

 
2005-07-12
 
CVE-2005-2224

CWE-399
 

 
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

 
2005-05-18
 
CVE-2005-1665

 

 
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

 
 
CVE-2005-1664

 

 
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.

 


Copyright 2017, cxsecurity.com