This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Vendor: Mono
Product: Mono
Version: 1.1.2
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2007-10-18
Last view: 2012-07-12

CPE Product: cpe:2.3:a:mono:mono

Related : CVE

Score Date Alert Description
4.3 2012-07-12 CVE-2012-3382

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

6.9 2010-11-17 CVE-2010-4159

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.

4.3 2010-05-27 CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.

7.5 2007-11-02 CVE-2007-5197

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

5 2007-10-18 CVE-2007-5473

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-200 Information Exposure
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
69325 Mono metadata/loader.c Path Subversion Local Privilege Escalation
65051 Mono ASP.NET EnableViewStateMac Property Default Configuration XSS
41872 Mono Mono.Math.BigInteger Montgomery-based Pow Method Reduce Overflow
41871 Mono on Windows System.Web StaticFileHandler.cs Crafted Request Source Code D...

OpenVAS Exploits

Date Description
2012-10-25 Name : Mandriva Update for mono MDVSA-2012:140 (mono)
File : nvt/gb_mandriva_MDVSA_2012_140.nasl
2012-08-10 Name : Debian Security Advisory DSA 2512-1 (mono)
File : nvt/deb_2512_1.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger)
File : nvt/glsa_201206_13.nasl
2012-07-26 Name : Ubuntu Update for mono USN-1517-1
File : nvt/gb_ubuntu_USN_1517_1.nasl
2011-04-01 Name : Fedora Update for mono FEDORA-2011-3393
File : nvt/gb_fedora_2011_3393_mono_fc14.nasl
2011-04-01 Name : Fedora Update for mono-addins FEDORA-2011-3393
File : nvt/gb_fedora_2011_3393_mono-addins_fc14.nasl
2010-12-02 Name : Mandriva Update for mono MDVSA-2010:240 (mono)
File : nvt/gb_mandriva_MDVSA_2010_240.nasl
2010-07-16 Name : Fedora Update for xsp FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_xsp_fc13.nasl
2010-07-16 Name : Fedora Update for mono FEDORA-2010-10433
File : nvt/gb_fedora_2010_10433_mono_fc12.nasl
2010-07-16 Name : Fedora Update for mono FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_mono_fc13.nasl
2010-07-16 Name : Fedora Update for mono-tools FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_mono-tools_fc13.nasl
2010-07-16 Name : Fedora Update for mono-basic FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_mono-basic_fc13.nasl
2010-07-16 Name : Fedora Update for mod_mono FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_mod_mono_fc13.nasl
2010-07-16 Name : Fedora Update for libgdiplus FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_libgdiplus_fc13.nasl
2010-07-16 Name : Fedora Update for gtksourceview-sharp FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_gtksourceview-sharp_fc13.nasl
2010-07-16 Name : Fedora Update for gnome-sharp FEDORA-2010-10332
File : nvt/gb_fedora_2010_10332_gnome-sharp_fc13.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:322 (mono)
File : nvt/mdksa_2009_322.nasl
2009-04-09 Name : Mandriva Update for mono MDKSA-2007:218 (mono)
File : nvt/gb_mandriva_MDKSA_2007_218.nasl
2009-03-23 Name : Ubuntu Update for mono vulnerability USN-553-1
File : nvt/gb_ubuntu_USN_553_1.nasl
2009-02-27 Name : Fedora Update for mono FEDORA-2007-745
File : nvt/gb_fedora_2007_745_mono_fc6.nasl
2009-02-27 Name : Fedora Update for mono FEDORA-2007-3130
File : nvt/gb_fedora_2007_3130_mono_fc7.nasl
2009-02-27 Name : Fedora Update for mono FEDORA-2007-2969
File : nvt/gb_fedora_2007_2969_mono_fc8.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-10 (mono)
File : nvt/glsa_200711_10.nasl
2008-01-17 Name : Debian Security Advisory DSA 1397-1 (mono)
File : nvt/deb_1397_1.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-498.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_bytefx-data-mysql-120713.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2012-140.nasl - Type: ACT_GATHER_INFO
2012-07-26 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1517-1.nasl - Type: ACT_GATHER_INFO
2012-07-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2512.nasl - Type: ACT_GATHER_INFO
2012-06-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201206-13.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_bytefx-data-mysql-7479.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_bytefx-data-mysql-7445.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_bytefx-data-mysql-110331.nasl - Type: ACT_GATHER_INFO
2011-04-01 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2011-3393.nasl - Type: ACT_GATHER_INFO
2010-12-02 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_bytefx-data-mysql-100422.nasl - Type: ACT_GATHER_INFO
2010-11-28 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-240.nasl - Type: ACT_GATHER_INFO
2010-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10433.nasl - Type: ACT_GATHER_INFO
2010-07-14 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2010-10332.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_bytefx-data-mysql-100422.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_bytefx-data-mysql-100422.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_bytefx-data-mysql-100426.nasl - Type: ACT_GATHER_INFO
2009-12-08 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-322.nasl - Type: ACT_GATHER_INFO
2007-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_bytefx-data-mysql-4453.nasl - Type: ACT_GATHER_INFO
2007-12-07 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-553-1.nasl - Type: ACT_GATHER_INFO
2007-11-15 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-218.nasl - Type: ACT_GATHER_INFO
2007-11-12 Name: The remote Fedora host is missing a security update.
File: fedora_2007-3130.nasl - Type: ACT_GATHER_INFO
2007-11-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200711-10.nasl - Type: ACT_GATHER_INFO
2007-11-08 Name: The remote Fedora host is missing a security update.
File: fedora_2007-2969.nasl - Type: ACT_GATHER_INFO
2007-11-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1397.nasl - Type: ACT_GATHER_INFO