Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asp.net vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48003
An open redirect through HTML injection in user messages in Asp.Net Zero prior to 12.3.0 allows remote malicious users to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
Aspnetzero Asp.net Zero
383
VMScore
CVE-2010-2088
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote malicious users to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
Microsoft Asp.net 3.5
1 Github repository
605
VMScore
CVE-2003-0768
Microsoft ASP.Net 1.1 allows remote malicious users to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Microsoft Asp.net 1.1
NA
CVE-2023-36558
ASP.NET Core - Security Feature Bypass Vulnerability
Microsoft Visual Studio 2022
Microsoft .net 8.0.0
Microsoft .net
Microsoft Asp.net Core 8.0.0
Microsoft Asp.net Core
605
VMScore
CVE-2018-0784
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
Microsoft Asp.net Core 2.0
383
VMScore
CVE-2018-0785
ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".
Microsoft Asp.net Core 2.0
1 Article
445
VMScore
CVE-2019-0815
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Microsoft Asp.net Core 2.2
1 Article
383
VMScore
CVE-2017-11879
ASP.NET Core 2.0 allows an malicious user to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Microsoft Asp.net Core 2.0
445
VMScore
CVE-2006-2918
The Lanap BotDetect APS.NET CAPTCHA component prior to 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote malicious users to conduct automated attacks by "replaying the ViewState for a known number."
Lanap Botdetect Captcha Asp.net
409
VMScore
CVE-2021-43877
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Microsoft Asp.net Core 3.1
Microsoft Asp.net Core 5.0
Microsoft Visual Studio 2019 16.7
Microsoft Visual Studio 2019 16.9
Microsoft Visual Studio 2019 16.11
Microsoft Visual Studio 2022 17.0
Microsoft Asp.net Core 6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »