In Microsoft Windows, by using the poorly documented SE_SERVER_SECURITY Control flag it is possible to set an owner different to the caller, bypassing security checks.

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Secunia Security Advisory - A vulnerability has been reported in CuteSoft Cute Editor for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.

ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

ASP Forums version 2.1 suffers from a database disclosure vulnerability.

ASP webshell backdoor designed specifically for IIS 8.

CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.

ASP.NET Core version 5.-RC1 suffers from an HTTP header injection vulnerability.

The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.