) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2011-3417 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability." Published: December 29, 2011; 8:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
| CVE-2011-3416 |
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." Published: December 29, 2011; 8:55:01 PM -0500 |
V3.x:(not available) V2.0: 8.5 HIGH |
| CVE-2011-3415 |
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability." Published: December 29, 2011; 8:55:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2011-3414 |
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability." Published: December 29, 2011; 8:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
| CVE-2010-1735 |
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. Published: May 06, 2010; 8:47:23 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
| CVE-2010-1734 |
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. Published: May 06, 2010; 8:47:23 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
| CVE-2008-4323 |
Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. Published: September 29, 2008; 4:09:59 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |