Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asp.net vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-8171
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Microsoft Asp.net Model View Controller 5.2
Microsoft Asp.net Webpages 3.2.3
Microsoft Asp.net Core 2.0
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 1.0
5
CVSSv2
CVE-2017-8700
ASP.NET Core 1.0, 1.1, and 2.0 allow an malicious user to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 2.0
1 Article
5
CVSSv2
CVE-2018-0808
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 2.0
1 Article
6.8
CVSSv2
CVE-2019-1302
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
Microsoft Asp.net Core 2.1
Microsoft Asp.net Core 3.0
Microsoft Asp.net Core 2.2
2 Github repositories
1 Article
6.8
CVSSv2
CVE-2018-0787
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 2.0
Microsoft Asp.net Core 1.1
4.3
CVSSv2
CVE-2013-5042
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x prior to 1.1.4 and 2.0.x prior to 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote malicious users to inject arbitrary web script or HTML via crafted Forever Frame transport protocol da...
Microsoft Asp.net Signalr 1.1.3
Microsoft Asp.net Signalr 1.1.0
Microsoft Asp.net Signalr 2.0.0
Microsoft Asp.net Signalr 1.1.2
Microsoft Asp.net Signalr 1.1.1
Microsoft Visual Studio Team Foundation Server 2013
7.5
CVSSv2
CVE-2004-0847
The Microsoft .NET forms authentication capability for ASP.NET allows remote malicious users to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Vali...
Microsoft Asp.net 1.1
Microsoft Asp.net
1 EDB exploit
7.8
CVSSv2
CVE-2006-1364
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote malicious users to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several do...
Microsoft Asp.net 1.1
Microsoft Asp.net
1 EDB exploit
4.3
CVSSv2
CVE-2005-0452
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote malicious users to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, includi...
Microsoft Asp.net 1.0
Microsoft Asp.net 1.1
1 EDB exploit
1 Github repository
5
CVSSv2
CVE-2005-1665
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote malicious users to cause a denial of service (CPU consumption) via deeply nested markup.
Microsoft Asp.net 1.0
Microsoft Asp.net 1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »