CVSS: 7.8EPSS: 80%CPEs: 7EXPL: 1CVE-2007-0042 – Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0042
10 Jul 2007 — Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Un conflicto de interpretación... • https://www.exploit-db.com/exploits/30281 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 61%CPEs: 7EXPL: 0CVE-2007-0043
https://notcve.org/view.php?id=CVE-2007-0043
10 Jul 2007 — The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". El servicio Just In Time (JIT) Compiler en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite a los atacantes remotos asistidos por el usuario ... • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 15%CPEs: 1EXPL: 0CVE-2006-7192
https://notcve.org/view.php?id=CVE-2006-7192
10 Apr 2007 — Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag. Microsoft ASP .NET Framework 2.0.50727.42 no maneja adecuadamente los delimitadores de comentario (/* */), lo cual permite a atacantes remotos evitar el filtrado de peticiones y llevar a cabo ataques ... • http://osvdb.org/35269 •
CVSS: 10.0EPSS: 25%CPEs: 8EXPL: 0CVE-2007-1512
https://notcve.org/view.php?id=CVE-2007-1512
20 Mar 2007 — Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012)... • http://www.securityfocus.com/archive/1/463009/100/0/threaded •
CVSS: 9.3EPSS: 35%CPEs: 6EXPL: 0CVE-2007-0025
https://notcve.org/view.php?id=CVE-2007-0025
13 Feb 2007 — The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. El componente MFC en Microsoft Windows 2000 SP4, XP SP2 y 2003 SP1 y Visual Studio .NET 2000, 2002 SP1, 2003 y 2003 SP1 permite a atacant... • http://secunia.com/advisories/24150 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 72%CPEs: 7EXPL: 1CVE-2006-6133 – Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6133
28 Nov 2006 — Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. Desbordamiento de búfer basado en pila en Visual Studio Crystal Reports para Microsoft Visual Studio .NET 2002 y 2002 SP1; .NET 2003 y 2003 SP1; y 2005 y 2005 SP1 (anteriormente Business Objects Crystal Re... • https://www.exploit-db.com/exploits/29171 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 75%CPEs: 1EXPL: 2CVE-2006-4704 – Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2006-4704
01 Nov 2006 — Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." Vulnerabilidad de secuencias de comandos en zonas cruzadas en el Control ActiveX (WmiScriptUtils.dll) del WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) en el Microsoft Visual Studi... • https://www.exploit-db.com/exploits/16561 •
CVSS: 6.1EPSS: 65%CPEs: 1EXPL: 0CVE-2006-3436
https://notcve.org/view.php?id=CVE-2006-3436
10 Oct 2006 — Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Microsoft .NET Framework 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados implicando "controles ASP.NET que establecen la propiedad Au... • http://secunia.com/advisories/22307 •
CVSS: 9.1EPSS: 44%CPEs: 1EXPL: 0CVE-2006-1300
https://notcve.org/view.php?id=CVE-2006-1300
11 Jul 2006 — Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." Microsoft .NET framework 2.0 (ASP.NET) en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 hasta SP1, permite a atacantes remotos evitar las restricciones de acceso a través de "URL paths" no especificadas que pueden acceder a objetos Application... • http://secunia.com/advisories/20999 •
CVSS: 7.8EPSS: 15%CPEs: 5EXPL: 6CVE-2006-1510 – Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1510
30 Mar 2006 — Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. • https://www.exploit-db.com/exploits/27476 •