Vulnerabilities > Microsoft > Windows NT > 2003

DATE CVE VULNERABILITY TITLE RISK
2008-08-27 CVE-2008-3843 Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
network
microsoft CWE-79
4.3
4.3
2008-08-27 CVE-2008-3842 Cross-Site Scripting vulnerability in Microsoft .Net Framework 1.0/1.1/2.0
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
network
microsoft CWE-79
4.3
4.3
2008-04-14 CVE-2008-0927 Resource Management Errors vulnerability in Microsoft Windows-Nt 2000/2003
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.
network
low complexity
novell microsoft CWE-399
5.0
5.0