CVE-2008-3422
https://notcve.org/view.php?id=CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de las librerías de clase ASP.net en Mono 2.0 y versiones anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de atributos manipulados relacionados con (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), y (5) HtmlSelect (RenderChildren). • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html http://secunia.com/advisories/31338 http://secunia.com/advisories/31982 http://secunia.com/advisories/36494 http://www.securityfocus.com/bid/30471 https://bugzilla.novell.com/show_bug.cgi?id=413534 https://exchange.xforce.ibmcloud.com/vulnerabilities/44229 https://usn.ubuntu.com/826-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5197
https://notcve.org/view.php?id=CVE-2007-5197
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. El desbordamiento de búfer en la clase Mono.Math.BigInteger en Mono versión 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar código arbitrario por medio de vectores no específicos relacionados a Reduce en métodos Pow basados en Montgomery. • http://bugs.gentoo.org/attachment.cgi?id=134361&action=view http://bugs.gentoo.org/show_bug.cgi?id=197067 http://secunia.com/advisories/27439 http://secunia.com/advisories/27493 http://secunia.com/advisories/27511 http://secunia.com/advisories/27583 http://secunia.com/advisories/27612 http://secunia.com/advisories/27639 http://secunia.com/advisories/27937 http://www.debian.org/security/2007/dsa-1397 http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5473
https://notcve.org/view.php?id=CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el código fuente de ficheros sensibles mediante una petición que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado adecuadamente por XSP. • http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs http://osvdb.org/41871 http://secunia.com/advisories/27349 http://www.securityfocus.com/bid/26166 https://exchange.xforce.ibmcloud.com/vulnerabilities/37341 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-5072
https://notcve.org/view.php?id=CVE-2006-5072
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. Las clases System.CodeDom.Compiler en Novell Mono crean archivos temporales con permisos no seguros, lo cual permite a usuarios locales sobreescribir ficheros de su elección a ejecutar código de su elección a través de un ataque symlink. • http://fedoranews.org/cms/node/2401 http://secunia.com/advisories/22237 http://secunia.com/advisories/22277 http://secunia.com/advisories/22614 http://secunia.com/advisories/23154 http://secunia.com/advisories/23213 http://secunia.com/advisories/23776 http://security.gentoo.org/glsa/glsa-200611-23.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:188 http://www.novell.com/linux/security/advisories/2006_73_mono.html http://www.securityfocus.com/bid/20340 http& •
CVE-2005-0509
https://notcve.org/view.php?id=CVE-2005-0509
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". • http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml http://marc.info/?l=bugtraq&m=110867912714913&w=2 http://secunia.com/advisories/14325 •