CVE-2007-5473
https://notcve.org/view.php?id=CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
• http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs
• http://osvdb.org/41871
• http://secunia.com/advisories/27349
• http://www.securityfocus.com/bid/26166
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37341
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-5072
https://notcve.org/view.php?id=CVE-2006-5072
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
• http://fedoranews.org/cms/node/2401
• http://secunia.com/advisories/22237
• http://secunia.com/advisories/22277
• http://secunia.com/advisories/22614
• http://secunia.com/advisories/23154
• http://secunia.com/advisories/23213
• http://secunia.com/advisories/23776
• http://security.gentoo.org/glsa/glsa-200611-23.xml
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:188
• http://www.novell.com/linux/security/advisories/2006_73_mono.html
• http://www.securityfocus.com/bid/20340
• http&