CVE-2006-7192
https://notcve.org/view.php?id=CVE-2006-7192
Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
• http://osvdb.org/35269
• http://securityreason.com/securityalert/2530
• http://www.cpni.gov.uk/docs/re-20061020-00710.pdf
• http://www.procheckup.com/Vulner_PR0703.php
• http://www.securityfocus.com/archive/1/464796/100/0/threaded
• http://www.securityfocus.com/bid/20753
CVE-2006-3436
https://notcve.org/view.php?id=CVE-2006-3436
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
• http://secunia.com/advisories/22307
• http://securitytracker.com/id?1017029
• http://www.kb.cert.org/vuls/id/455604
• http://www.securityfocus.com/archive/1/449179/100/0/threaded
• http://www.securityfocus.com/bid/20337
• http://www.vupen.com/english/advisories/2006/3976
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-056
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28658
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3
CVE-2006-1300
https://notcve.org/view.php?id=CVE-2006-1300
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
• http://secunia.com/advisories/20999
• http://securitytracker.com/id?1016465
• http://www.osvdb.org/27153
• http://www.securityfocus.com/bid/18920
• http://www.vupen.com/english/advisories/2006/2751
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-033
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26802
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A419
CVE-2006-1510 – Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1510
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
• https://www.exploit-db.com/exploits/27476
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html
• http://owasp.net/forums/234/showpost.aspx
• http://owasp.net/forums/257/showpost.aspx
• http://secunia.com/advisories/19406
• http://www.securityfocus.com/bid/17243
• http://www.vupen.com/english/advisories/2006/1113
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25439
CVE-2006-1511
https://notcve.org/view.php?id=CVE-2006-1511
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html
• http://owasp.net/forums/234/showpost.aspx
• http://owasp.net/forums/257/showpost.aspx
• http://secunia.com/advisories/19406
• http://www.securityfocus.com/bid/17243
• http://www.vupen.com/english/advisories/2006/1113
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25438