Page 3 of 13 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el código fuente de ficheros sensibles mediante una petición que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado adecuadamente por XSP. • http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs http://osvdb.org/41871 http://secunia.com/advisories/27349 http://www.securityfocus.com/bid/26166 https://exchange.xforce.ibmcloud.com/vulnerabilities/37341 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. Las clases System.CodeDom.Compiler en Novell Mono crean archivos temporales con permisos no seguros, lo cual permite a usuarios locales sobreescribir ficheros de su elección a ejecutar código de su elección a través de un ataque symlink. • http://fedoranews.org/cms/node/2401 http://secunia.com/advisories/22237 http://secunia.com/advisories/22277 http://secunia.com/advisories/22614 http://secunia.com/advisories/23154 http://secunia.com/advisories/23213 http://secunia.com/advisories/23776 http://security.gentoo.org/glsa/glsa-200611-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:188 http://www.novell.com/linux/security/advisories/2006_73_mono.html http://www.securityfocus.com/bid/20340 http& •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". • http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml http://marc.info/?l=bugtraq&m=110867912714913&w=2 http://secunia.com/advisories/14325 •