CVSS: 7.8EPSS: 92%CPEs: 7EXPL: 1CVE-2007-0042 – Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Un conflicto de interpretación en ASP.NET en Microsoft .NET Framework versión 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite que los atacantes remotos accedan a los archivos de configuración y obtengan información confidencial, y posiblemente omitan los mecanismos de seguridad que intentan restringir el acceso. La subcadena final de una cadena, por medio de caracteres %00 , relacionada con el uso de %00 como terminador de cadena dentro de las funciones POSIX pero un carácter data dentro de las cadenas .NET, también se conoce como "Null Byte Termination Vulnerability.". • https://www.exploit-db.com/exploits/30281 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://secunia.com/advisories/26003 http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 14%CPEs: 1EXPL: 0CVE-2006-7192
https://notcve.org/view.php?id=CVE-2006-7192
Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag. Microsoft ASP .NET Framework 2.0.50727.42 no maneja adecuadamente los delimitadores de comentario (/* */), lo cual permite a atacantes remotos evitar el filtrado de peticiones y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS), o provocar una denegación de servicio, como se ha demostrado mediante un atributo STYLE xss:expression en una etiqueta de cierre XSS HTML. • http://osvdb.org/35269 http://securityreason.com/securityalert/2530 http://www.cpni.gov.uk/docs/re-20061020-00710.pdf http://www.procheckup.com/Vulner_PR0703.php http://www.securityfocus.com/archive/1/464796/100/0/threaded http://www.securityfocus.com/bid/20753 •
CVSS: 4.3EPSS: 85%CPEs: 1EXPL: 0CVE-2006-3436
https://notcve.org/view.php?id=CVE-2006-3436
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft .NET Framework 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados implicando "controles ASP.NET que establecen la propiedad AutoPostBack a true". • http://secunia.com/advisories/22307 http://securitytracker.com/id?1017029 http://www.kb.cert.org/vuls/id/455604 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20337 http://www.vupen.com/english/advisories/2006/3976 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-056 https://exchange.xforce.ibmcloud.com/vulnerabilities/28658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3 •
CVSS: 5.0EPSS: 79%CPEs: 1EXPL: 0CVE-2006-1300
https://notcve.org/view.php?id=CVE-2006-1300
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." Microsoft .NET framework 2.0 (ASP.NET) en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 hasta SP1, permite a atacantes remotos evitar las restricciones de acceso a través de "URL paths" no especificadas que pueden acceder a objetos Application Folder "explícitamente por nombre". • http://secunia.com/advisories/20999 http://securitytracker.com/id?1016465 http://www.osvdb.org/27153 http://www.securityfocus.com/bid/18920 http://www.vupen.com/english/advisories/2006/2751 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/26802 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A419 •