
CVE-2011-3414
https://notcve.org/view.php?id=CVE-2011-3414
30 Dec 2011 — The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability." • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html • CWE-399: Resource Management Errors •

CVE-2011-3415
https://notcve.org/view.php?id=CVE-2011-3415
30 Dec 2011 — Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability." • http://jvn.jp/en/jp/JVN71256611/index.html • CWE-20: Improper Input Validation •

CVE-2011-3416
https://notcve.org/view.php?id=CVE-2011-3416
30 Dec 2011 — The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-3417
https://notcve.org/view.php?id=CVE-2011-3417
30 Dec 2011 — The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability." • http://www.securityfocus.com/bid/51203 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-1992
https://notcve.org/view.php?id=CVE-2011-1992
14 Dec 2011 — The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-3404
https://notcve.org/view.php?id=CVE-2011-3404
14 Dec 2011 — Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-3406
https://notcve.org/view.php?id=CVE-2011-3406
14 Dec 2011 — Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read •

CVE-2011-3408
https://notcve.org/view.php?id=CVE-2011-3408
14 Dec 2011 — Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability." • http://www.us-cert.gov/cas/techalerts/TA11-347A.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-2014
https://notcve.org/view.php?id=CVE-2011-2014
08 Nov 2011 — The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a rev... • http://www.securitytracker.com/id?1026294 • CWE-287: Improper Authentication •

CVE-2011-1247
https://notcve.org/view.php?id=CVE-2011-1247
12 Oct 2011 — Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-075 •