Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2002-07-26 |
| Product | .Net Framework | Last view | 2022-11-09 |
| Version | 2.0 | Type | |
| Update | sp2 | ||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.8 | 2022-11-09 | CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability. |
| 5.5 | 2022-05-10 | CVE-2022-30130 | .NET Framework Denial of Service Vulnerability. |
| 7.5 | 2022-04-15 | CVE-2022-26832 | .NET Framework Denial of Service Vulnerability. |
| 7.5 | 2022-01-11 | CVE-2022-21911 | .NET Framework Denial of Service Vulnerability. |
| 7.5 | 2021-02-25 | CVE-2021-24111 | .NET Framework Denial of Service Vulnerability |
| 5.5 | 2020-10-16 | CVE-2020-16937 | An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka '.NET Framework Information Disclosure Vulnerability'. |
| 5.5 | 2020-08-17 | CVE-2020-1476 | An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files, aka 'ASP.NET and .NET Elevation of Privilege Vulnerability'. |
| 7.8 | 2020-08-17 | CVE-2020-1046 | A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'. |
| 7.8 | 2020-05-21 | CVE-2020-1066 | An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'. |
| 9.8 | 2020-01-14 | CVE-2020-0646 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. |
| 8.8 | 2020-01-14 | CVE-2020-0606 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. |
| 8.8 | 2020-01-14 | CVE-2020-0605 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. |
| 5.5 | 2019-09-11 | CVE-2019-1142 | An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. |
| 8.8 | 2019-07-15 | CVE-2019-1113 | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1083 | A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. |
| 7.5 | 2019-07-15 | CVE-2019-1006 | An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. |
| 5.5 | 2019-05-16 | CVE-2019-0864 | A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. |
| 6.5 | 2019-05-14 | CVE-2019-11397 | GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. |
| 8.8 | 2019-03-05 | CVE-2019-0613 | A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'. |
| 7.5 | 2019-01-08 | CVE-2019-0545 | An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. |
| 9.8 | 2018-12-11 | CVE-2018-8540 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. |
| 7.5 | 2018-12-11 | CVE-2018-8517 | A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. |
| 9.8 | 2018-09-12 | CVE-2018-8421 | A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. |
| 7.5 | 2018-08-15 | CVE-2018-8360 | An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. |
| 5.5 | 2018-07-10 | CVE-2018-8356 | A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (30) | CWE-20 | Improper Input Validation |
| 16% (17) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 14% (15) | CWE-264 | Permissions, Privileges, and Access Controls |
| 13% (14) | CWE-200 | Information Exposure |
| 8% (9) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 3% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (3) | CWE-310 | Cryptographic Issues |
| 2% (3) | CWE-295 | Certificate Issues |
| 2% (3) | CWE-19 | Data Handling |
| 1% (2) | CWE-399 | Resource Management Errors |
| 1% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (1) | CWE-287 | Improper Authentication |
| 0% (1) | CWE-209 | Information Exposure Through an Error Message |
| 0% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
| 0% (1) | CWE-17 | Code |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:4307 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002) |
| oval:org.mitre.oval:def:4216 | GDI+ JPEG Parsing Engine Buffer Overflow (IE6) |
| oval:org.mitre.oval:def:4003 | GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP) |
| oval:org.mitre.oval:def:3881 | GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2) |
| oval:org.mitre.oval:def:3810 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003) |
| oval:org.mitre.oval:def:3320 | GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003 |
| oval:org.mitre.oval:def:3082 | GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002) |
| oval:org.mitre.oval:def:3038 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1) |
| oval:org.mitre.oval:def:2706 | GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003) |
| oval:org.mitre.oval:def:1721 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003) |
| oval:org.mitre.oval:def:1105 | GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003) |
| oval:org.mitre.oval:def:1538 | Win2K/XP,SP1 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1535 | Win2k,SP4 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1468 | WinXP,SP2 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1464 | Server 2003,SP1 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1454 | Server 2003 DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:1155 | WinXP,SP1 (64-bit) DDS Library Shape Control Buffer Overflow |
| oval:org.mitre.oval:def:419 | .NET 2.0 Application Folder Information Disclosure Vulnerability |
| oval:org.mitre.oval:def:377 | Microsoft .NET Framework 2.0 Cross-Site Scripting Vulnerability |
| oval:org.mitre.oval:def:2093 | .NET PE Loader Vulnerability |
| oval:org.mitre.oval:def:2070 | ASP.NET Null Byte Termination Vulnerability |
| oval:org.mitre.oval:def:1873 | .NET JIT Compiler Vulnerability |
| oval:org.mitre.oval:def:6393 | Remote Unauthenticated Denial of Service in ASP.NET Vulnerability |
| oval:org.mitre.oval:def:5716 | Microsoft .NET Framework Pointer Verification Vulnerability |
| oval:org.mitre.oval:def:6451 | Microsoft .NET Framework Type Verification Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft .NET Framework Memory Access Vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76214 | Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page... |
| 74404 | Microsoft .NET Framework System.Net.Sockets Code Access Security Bypass Infor... |
| 74403 | Microsoft .NET Framework Chart Control Special URI Character GET Request Pars... |
| 72932 | Microsoft .NET Framework JIT Object Validation Arbitrary Code Execution |
| 72931 | Microsoft .NET Framework / Silverlight Array Offset Remote Code Execution |
| 71782 | Microsoft .NET Framework x86 JIT Compiler XAML Browser Application (XBAP) Pro... |
| 68556 | Microsoft .NET Framework x64 JIT Compiler Unprivileged Application Remote Cod... |
| 68127 | Microsoft ASP.NET ViewState Cryptographic Padding Remote Information Disclosure |
| 66993 | Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote C... |
| 65013 | Microsoft .NET ASP.NET EnableViewStateMac Property Default Configuration XSS |
| 58851 | Microsoft .NET Framework / Silverlight Crafted Application Memory Manipulatio... |
| 58850 | Microsoft .NET Framework Object Casting Manipulation Arbitrary Code Execution |
| 58849 | Microsoft .NET Framework Crafted Application Managed Pointer Access Arbitrary... |
| 56905 | Microsoft .NET Framework Request Scheduling Crafted HTTP Request Remote DoS |
| 50302 | Microsoft .NET Framework Strong Name Implementation DLL File Public Key Token... |
| 49385 | Microsoft ASP.NET Request Validation <~/ Crafted STYLE Element XSS |
| 49384 | Microsoft ASP.NET Request Validation </ Query String XSS |
| 35956 | Microsoft .NET Framework Just In Time (JIT) Compiler Service Unspecified Arbi... |
| 35955 | Microsoft .NET Framework NULL Byte URL Arbitrary File Access |
| 35954 | Microsoft .NET Framework PE Loader Service Unspecified Arbitrary Code Execution |
| 35269 | Microsoft ASP .NET Framework Comment Enclosure Handling Request Weakness |
| 29431 | Microsoft .NET Framework AutoPostBack Property Unspecified XSS |
| 27153 | Microsoft .NET Framework Crafted Request Access Restriction Bypass |
| 24208 | Microsoft .NET Framework ILDASM Overflow |
| 24207 | Microsoft .NET Framework ILASM .il File Processing Overflow |
ExploitDB Exploits
| id | Description |
|---|---|
| 35280 | .NET Remoting Services Remote Command Execution |
| 33892 | MS14-009 .NET Deployment Service IE Sandbox Escape |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-11-14 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2745030) File : nvt/secpod_ms12-074.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-13 (mono mono-debugger) File : nvt/glsa_201206_13.nasl |
| 2012-06-13 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2706726) File : nvt/secpod_ms12-038.nasl |
| 2012-05-09 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777) File : nvt/secpod_ms12-035.nasl |
| 2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
| 2012-04-11 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2671605) File : nvt/secpod_ms12-025.nasl |
| 2012-02-15 | Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln... File : nvt/secpod_ms12-016.nasl |
| 2011-10-12 | Name : Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability ... File : nvt/secpod_ms11-078.nasl |
| 2011-08-11 | Name : Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (... File : nvt/secpod_ms11-066.nasl |
| 2011-08-11 | Name : Microsoft .NET Framework Information Disclosure Vulnerability (2567951) File : nvt/secpod_ms11-069.nasl |
| 2011-06-15 | Name : Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability ... File : nvt/secpod_ms11-039.nasl |
| 2011-06-15 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2538814) File : nvt/secpod_ms11-044.nasl |
| 2011-05-26 | Name : Microsoft .NET Framework Security Bypass Vulnerability File : nvt/secpod_ms_dotnet_security_bypass_vuln.nasl |
| 2011-04-13 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2484015) File : nvt/secpod_ms11-028.nasl |
| 2010-12-13 | Name : Microsoft Windows ASP.NET Denial of Service Vulnerability(970957) File : nvt/gb_ms09-036.nasl |
| 2010-09-29 | Name : Microsoft ASP.NET Information Disclosure Vulnerability (2418042) File : nvt/secpod_ms10-070_remote.nasl |
| 2010-08-11 | Name : Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2... File : nvt/secpod_ms10-060.nasl |
| 2010-06-09 | Name : Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability File : nvt/gb_ms_dotnet_xss_vuln.nasl |
| 2009-10-15 | Name : Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378) File : nvt/secpod_ms09-061.nasl |
| 2009-03-15 | Name : Microsoft Security Bulletin MS07-040 File : nvt/remote-MS07-040.nasl |
| 2009-03-15 | Name : Microsoft Security Bulletin MS06-056 File : nvt/remote-MS06-056.nasl |
| 2009-03-15 | Name : Microsoft Security Bulletin MS06-033 File : nvt/remote-MS06-033.nasl |
| 2008-05-15 | Name : .NET JIT Compiler Vulnerability File : nvt/win_CVE-2007-0043.nasl |
| 2005-11-03 | Name : foxweb CGI File : nvt/foxweb_dll.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0213 | Multiple Vulnerabilities in Microsoft .NET Framework (MS15-101) Severity: Category II - VMSKEY: V0061387 |
| 2015-A-0196 | Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080) Severity: Category II - VMSKEY: V0061311 |
| 2015-A-0195 | Multiple Vulnerabilities in Microsoft .NET Framework (MS15-092) Severity: Category II - VMSKEY: V0061309 |
| 2015-A-0105 | Multiple Vulnerabilities in Microsoft .NET Framework (MS15-048) Severity: Category II - VMSKEY: V0060647 |
| 2015-A-0089 | Microsoft .NET Framework Information Disclosure Vulnerability (MS15-041) Severity: Category I - VMSKEY: V0059893 |
| 2014-A-0173 | Microsoft .NET Framework Remote Privilege Escalation Vulnerability Severity: Category I - VMSKEY: V0057383 |
| 2014-A-0147 | Multiple Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0055427 |
| 2014-A-0128 | Microsoft .NET Framework Security Feature Bypass Vulnerability Severity: Category II - VMSKEY: V0053805 |
| 2014-A-0073 | Microsoft .NET Framework Privilege Escalation Vulnerability Severity: Category I - VMSKEY: V0050455 |
| 2014-B-0013 | Multiple Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0044036 |
| 2013-A-0187 | Multiple Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0040753 |
| 2013-B-0071 | Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight Severity: Category II - VMSKEY: V0039211 |
| 2013-A-0135 | Microsoft GDI+ Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0039199 |
| 2013-A-0040 | Microsoft .NET Framework Privilege Escalation Vulnerability Severity: Category I - VMSKEY: V0036822 |
| 2013-B-0001 | Microsoft Open Data Protocol Denial of Service Vulnerability Severity: Category I - VMSKEY: V0036447 |
| 2013-A-0006 | Multiple Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0036453 |
| 2012-A-0184 | Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0034955 |
| 2012-A-0080 | Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework Severity: Category I - VMSKEY: V0032305 |
| 2011-B-0100 | Microsoft ASP.NET Chart Control Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0029781 |
| 2011-A-0082 | Microsoft .NET Framework Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0028594 |
| 2009-B-0036 | Microsoft ASP.NET Denial of Service Vulnerability Severity: Category I - VMSKEY: V0019878 |
| 2007-A-0037 | Multiple Vulnerabilities in Microsoft .NET Framework (MS07-040) Severity: Category II - VMSKEY: V0014473 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | ASP.NET 2.0 cross-site scripting attempt RuleID : 8700 - Type : SERVER-IIS - Revision : 8 |
| 2021-01-26 | Microsoft ASP.NET bad request denial of service attempt RuleID : 56804 - Type : SERVER-IIS - Revision : 1 |
| 2020-09-02 | Microsoft .NET API XPS file parsing remote code execution attempt RuleID : 54619 - Type : FILE-OTHER - Revision : 1 |
| 2020-09-02 | Microsoft .NET API XPS file parsing remote code execution attempt RuleID : 54618 - Type : FILE-OTHER - Revision : 1 |
| 2017-10-17 | RTF WSDL file download attempt RuleID : 44372 - Type : FILE-OFFICE - Revision : 2 |
| 2017-10-17 | RTF WSDL file download attempt RuleID : 44371 - Type : FILE-OFFICE - Revision : 2 |
| 2017-10-12 | WSDL soap endpoint location code injection attempt RuleID : 44354 - Type : FILE-OTHER - Revision : 2 |
| 2017-10-12 | WSDL soap endpoint location code injection attempt RuleID : 44353 - Type : FILE-OTHER - Revision : 2 |
| 2017-08-31 | Microsoft ASP.NET bad request denial of service attempt RuleID : 43808 - Type : SERVER-IIS - Revision : 1 |
| 2017-08-31 | Microsoft ASP.NET bad request denial of service attempt RuleID : 43807 - Type : SERVER-IIS - Revision : 1 |
| 2017-08-31 | Microsoft .NET framework mscormmc.dll ASLR bypass attempt RuleID : 43792 - Type : OS-WINDOWS - Revision : 1 |
| 2017-08-31 | Microsoft .NET framework mscormmc.dll ASLR bypass attempt RuleID : 43791 - Type : OS-WINDOWS - Revision : 1 |
| 2017-07-20 | Microsoft .NET framework CLI loader denial of service attempt RuleID : 43226 - Type : OS-WINDOWS - Revision : 3 |
| 2017-07-20 | Microsoft .NET framework CLI loader denial of service attempt RuleID : 43225 - Type : OS-WINDOWS - Revision : 3 |
| 2014-01-10 | Microsoft Internet Explorer WMI ASDI Extension ActiveX object access RuleID : 4236 - Type : BROWSER-PLUGINS - Revision : 16 |
| 2014-01-10 | Microsoft Internet Explorer Helper Object for Java ActiveX object access RuleID : 4235 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer MSVTDGridCtrl7 ActiveX object access RuleID : 4234 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Visual Database Tools Query Designer v7.0 ActiveX... RuleID : 4233 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer SysTray Invoker ActiveX object access RuleID : 4232 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer SysTray ActiveX object access RuleID : 4231 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer Search Assistant UI ActiveX object access RuleID : 4230 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer MSAPP Export Support for Office Access ActiveX ob... RuleID : 4229 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Windows Start Menu ActiveX object access RuleID : 4228 - Type : BROWSER-PLUGINS - Revision : 14 |
| 2014-01-10 | Microsoft Internet Explorer Network Connections ActiveX object access RuleID : 4227 - Type : BROWSER-PLUGINS - Revision : 15 |
| 2014-01-10 | Microsoft Internet Explorer DocHost User Interface Handler ActiveX object access RuleID : 4226 - Type : BROWSER-PLUGINS - Revision : 15 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-11-27 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3248.nasl - Type: ACT_GATHER_INFO |
| 2017-11-03 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038781.nasl - Type: ACT_GATHER_INFO |
| 2017-11-03 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jul_4025338.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038777.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038782.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038783.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038788.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038792.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_4038799.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host has a software framework installed that is affected b... File: smb_nt_ms17_sep_4041083.nasl - Type: ACT_GATHER_INFO |
| 2017-09-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_sep_win2008.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jul_4025344.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jul_4025342.nasl - Type: ACT_GATHER_INFO |
| 2017-07-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_jul_4025339.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_may_4019474.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_may_4019473.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_may_4019472.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_may_4019215.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host has a software framework installed that is affected b... File: smb_nt_ms17_may_4019112.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_may_4016871.nasl - Type: ACT_GATHER_INFO |
| 2017-04-14 | Name: The remote Windows host has a software framework installed that is affected b... File: smb_nt_ms17_apr_4014981.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO |
| 2016-12-13 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms16-155.nasl - Type: ACT_GATHER_INFO |
