CVE-2007-0043
https://notcve.org/view.php?id=CVE-2007-0043
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". El servicio Just In Time (JIT) Compiler en Microsoft .NET Framework versiones 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de vectores no específicos que involucran un "unchecked buffer," probablemente un desbordamiento de búfer, también se conoce como ".NET JIT Compiler Vulnerability ". • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35956 http://secunia.com/advisories/26003 http://www.securityfocus.com/bid/24811 http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https://exchange.xforce.ibmcloud.com/vulnerabilities/34639 https://oval.cisecurity.org/repo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0042 – Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Un conflicto de interpretación en ASP.NET en Microsoft .NET Framework versión 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite que los atacantes remotos accedan a los archivos de configuración y obtengan información confidencial, y posiblemente omitan los mecanismos de seguridad que intentan restringir el acceso. La subcadena final de una cadena, por medio de caracteres %00 , relacionada con el uso de %00 como terminador de cadena dentro de las funciones POSIX pero un carácter data dentro de las cadenas .NET, también se conoce como "Null Byte Termination Vulnerability.". • https://www.exploit-db.com/exploits/30281 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://secunia.com/advisories/26003 http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf http://www.securitytracker.com/id?1018356 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2482 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-1510 – Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1510
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. • https://www.exploit-db.com/exploits/27476 http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html http://owasp.net/forums/234/showpost.aspx http://owasp.net/forums/257/showpost.aspx http://secunia.com/advisories/19406 http://www.securityfocus.com/bid/17243 http://www.vupen.com/english/advisories/2006/1113 https://exchange.xforce.ibmcloud.com/vulnerabilities/25439 •
CVE-2006-1511
https://notcve.org/view.php?id=CVE-2006-1511
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044482.html http://owasp.net/forums/234/showpost.aspx http://owasp.net/forums/257/showpost.aspx http://secunia.com/advisories/19406 http://www.securityfocus.com/bid/17243 http://www.vupen.com/english/advisories/2006/1113 https://exchange.xforce.ibmcloud.com/vulnerabilities/25438 •
CVE-2005-0509
https://notcve.org/view.php?id=CVE-2005-0509
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". • http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml http://marc.info/?l=bugtraq&m=110867912714913&w=2 http://secunia.com/advisories/14325 •