Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:microsoft:asp.net:-:*:*:*:*:*:*:*
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2008-0333

Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

Published: January 17, 2008; 5:00:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1364

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Published: March 23, 2006; 6:06:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2005-2224

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

Published: July 12, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

Published: November 03, 2004; 12:00:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH