← Back

Xsp

xsp

Vendor: Mono • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-6104
1Mono
1Xsp
Apr 23, 2026
Dec 21, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read...Show more
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.Show less
CVE-2006-2658
2Mono
Suse
3Suse Linux
Suse Open Enterprise ServerXsp
Apr 16, 2026
Sep 12, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .....Show more
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.Show less