Vulnerabilities > Microsoft > NET Framework > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-12 | CVE-2014-0257 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." | 9.3 |
| 2013-07-10 | CVE-2013-3132 | Code Injection vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability." | 9.3 |
| 2012-05-09 | CVE-2012-0161 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | 9.3 |
| 2012-05-09 | CVE-2012-0160 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | 9.3 |
| 2012-04-10 | CVE-2012-0163 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." | 9.3 |
| 2010-05-27 | CVE-2010-2085 | Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0 The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. | 4.3 |
| 2008-08-27 | CVE-2008-3843 | Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element. | 4.3 |
| 2008-08-27 | CVE-2008-3842 | Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence. | 4.3 |
| 2007-07-10 | CVE-2007-0043 | Buffer Errors vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". | 9.3 |
| 2007-07-10 | CVE-2007-0042 | Information Exposure vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." | 7.8 |