Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft asp.net 1.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2004-0847
The Microsoft .NET forms authentication capability for ASP.NET allows remote malicious users to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Vali...
Microsoft Asp.net 1.1
Microsoft Asp.net
1 EDB exploit
7.5
CVSSv3
CVE-2006-1364
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote malicious users to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several do...
Microsoft Asp.net 1.1
Microsoft Asp.net
1 EDB exploit
NA
CVE-2005-1665
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote malicious users to cause a denial of service (CPU consumption) via deeply nested markup.
Microsoft Asp.net 1.0
Microsoft Asp.net 1.1
NA
CVE-2005-1664
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote malicious users to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the View...
Microsoft Asp.net 1.0
Microsoft Asp.net 1.1
NA
CVE-2005-0452
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote malicious users to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, includi...
Microsoft Asp.net 1.0
Microsoft Asp.net 1.1
1 EDB exploit
1 Github repository
7.5
CVSSv3
CVE-2017-8700
ASP.NET Core 1.0, 1.1, and 2.0 allow an malicious user to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 2.0
1 Article
7.5
CVSSv3
CVE-2018-0808
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 2.0
1 Article
8.8
CVSSv3
CVE-2018-0787
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 2.0
Microsoft Asp.net Core 1.1
7.5
CVSSv3
CVE-2018-8171
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Microsoft Asp.net Model View Controller 5.2
Microsoft Asp.net Webpages 3.2.3
Microsoft Asp.net Core 2.0
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 1.0
NA
CVE-2003-0768
Microsoft ASP.Net 1.1 allows remote malicious users to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Microsoft Asp.net 1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »