CVSS: 9.8 • EPSS: 64% • CPEs: 2 • EXPL: 2

06 Oct 2004 — The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." • https://www.exploit-db.com/exploits/24666 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 • EPSS: 75% • CPEs: 43 • EXPL: 6

17 Sep 2004 — Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. • https://www.exploit-db.com/exploits/474

CVSS: 9.1 • EPSS: 80% • CPEs: 19 • EXPL: 2

11 Jun 2004 — Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. • https://www.exploit-db.com/exploits/24077

CVSS: 6.8 • EPSS: 21% • CPEs: 1 • EXPL: 0

12 Sep 2003 — Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. • http://marc.info/?l=bugtraq&m=106304326916062&w=2

CVSS: 7.5 • EPSS: 20% • CPEs: 14 • EXPL: 1

11 Oct 2002 — The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." • http://marc.info/?l=bugtraq&m=103235745116592&w=2

CVSS: 7.5 • EPSS: 8% • CPEs: 22 • EXPL: 0

01 Oct 2002 — Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." • http://marc.info/?l=bugtraq&m=103235960119404&w=2

CVSS: 10.0 • EPSS: 19% • CPEs: 1 • EXPL: 0

26 Jul 2002 — Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode. • http://www.iss.net/security_center/static/9276.php

CVSS: 5.3 • EPSS: 27% • CPEs: 1 • EXPL: 0

11 Jun 2002 — orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. • http://marc.info/?l=bugtraq&m=101518860823788&w=2