161 matches found
BlogEngine.NET Path Traversal Vulnerability
BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and more. A security vulnerability exists in BlogEngine.NET v3.3.8.0, which can be exploited by an attacker to delete files in the root directory of the web server via a crafted HTTP request...
CVE-2019-10721
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx...
CVE-2019-10717
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...
Design/Logic Flaw
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx...
Directory traversal
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...
CVE-2019-10717
CVE-2019-10717 affects BlogEngine.NET 3.3.7.0 via /api/filemanager?path=, allowing Directory Traversal / Local File Inclusion. The Nuclei template confirms /api/filemanager local file inclusion and describes impact: read sensitive files and potentially broader compromise. Exploitation details in ...
CVE-2019-10721
CVE-2019-10721 affects BlogEngine.NET 3.3.7.0 and allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. The connected records confirm the vulnerability exists in this product/version and describe the...
BlogEngine.NET 3.3.6/3.3.7 - (path) Directory Traversal Vulnerability
Exploit for asp platform in category web applications Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET i...
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET is vulnerable to a directory traversal. The page...
BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal
Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET is vulnerable to a directory traversal. The page...
CVE-2019-11392
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd...
CVE-2019-10718
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs...
CVE-2019-10720
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
CVE-2019-10719
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...