BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description ============== BlogEngine.NET is vulnerable to an Directory Traversal on...

BlogEngine.NET 3.3.6/3.3.7 - theme Cookie Directory Traversal / Remote Code Execution Exploit

Exploit for asp platform in category web applications Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ==============...

BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ============== BlogEngine.NET is vulnerable to a Directory Traversal through th...

BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution Vulnerability #RCE

BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution. BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate Directory Traversal issues that can lead to Remote Code Execution. CVE-2019-10719...

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...

BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution

BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate Directory Traversal issues that can lead to Remote Code Execution. CVE-2019-10719 exploits a directory traversal in /api/upload, allowing users to write files to any location within the web root. This bypasses the protectio...

Design/Logic Flaw

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...

CVE-2018-14485

CVE-2018-14485 affects BlogEngine.NET 3.3. It is a XML External Entity (XXE) Injection vulnerability triggered by a POST to /metaweblog.axd, due to insufficient XXE handling. Public advisories (e.g., Netsparker) document the issue and note the status as Not Fixed. Impact is high; CVSS data indica...

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...

CVE-2019-6714

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if a...

CVE-2019-6714

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if a...

Path traversal

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if a...

CVE-2019-6714

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if a...

CVE-2019-6714

BlogEngine.NET 3.3.6.0 and earlier is affected by CVE-2019-6714: a path traversal and Local File Inclusion in PostList.ascx.cs allows unauthenticated users to load PostView.ascx from the local filesystem; featured risk if an authenticated user uploads a PostView.ascx via the file manager, enablin...

BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution

BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution Vulnerabilities

Exploit for asp platform in category web applications Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link:...

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...

BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution

Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...