CVSS: 9.3EPSS: 56%CPEs: 40EXPL: 0CVE-2009-0091
https://notcve.org/view.php?id=CVE-2009-0091
14 Oct 2009 — Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." Microsoft .NET Framework v2.0, v2.0 SP1, y v3.5 no cumple adecuadamente con la limitación de igualdad de tipos en un código .NET... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 54%CPEs: 61EXPL: 0CVE-2009-2503 – Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2503
13 Oct 2009 — GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and ... • http://www.us-cert.gov/cas/techalerts/TA09-286A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 19%CPEs: 45EXPL: 0CVE-2008-3842
https://notcve.org/view.php?id=CVE-2008-3842
27 Aug 2008 — Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "
CVSS: 6.1EPSS: 20%CPEs: 50EXPL: 0CVE-2008-3843
https://notcve.org/view.php?id=CVE-2008-3843
27 Aug 2008 — Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element. Request Validation (tambien conocida como filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework con la actualización MS07-040, no detect... • http://securityreason.com/securityalert/4193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 61%CPEs: 7EXPL: 0CVE-2007-0041
https://notcve.org/view.php?id=CVE-2007-0041
10 Jul 2007 — The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. El servicio PE Loader en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que involucran ... • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 80%CPEs: 7EXPL: 1CVE-2007-0042 – Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0042
10 Jul 2007 — Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Un conflicto de interpretación... • https://www.exploit-db.com/exploits/30281 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 61%CPEs: 7EXPL: 0CVE-2007-0043
https://notcve.org/view.php?id=CVE-2007-0043
10 Jul 2007 — The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". El servicio Just In Time (JIT) Compiler en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite a los atacantes remotos asistidos por el usuario ... • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 15%CPEs: 5EXPL: 6CVE-2006-1510 – Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1510
30 Mar 2006 — Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. • https://www.exploit-db.com/exploits/27476 •
CVSS: 7.8EPSS: 29%CPEs: 5EXPL: 2CVE-2006-1511
https://notcve.org/view.php?id=CVE-2006-1511
30 Mar 2006 — Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html •
CVSS: 6.1EPSS: 8%CPEs: 6EXPL: 0CVE-2005-0509
https://notcve.org/view.php?id=CVE-2005-0509
22 Feb 2005 — Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". • http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml •