203 matches found
CVE-2022-30422
Planet Time Enterprise by Proietti Tech Srl (versions 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0) is affected by CVE-2022-30422 due to a remote code execution vulnerability originating from the Viewstate parameter. The Red Hat, NVD, and CVE records consistently describe this as a remote...
Proietti Tech srl Planet Time Enterprise 信任管理问题漏洞
Proietti Tech Srl Proietti Tech srl Planet Time Enterprise is an attendance management software from Proietti Tech Srl, Italy. It facilitates human resource management through process automation and process simplification, making information available in real time. A security vulnerability exists...
Checkbox Survey 6.12 <= 6.18 RCE
Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Prior to version 7.0, Checkbox Survey implements its own View State functionality by accepting a VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually handled by the...
GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714)
Summary IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM Busines Admin User Interface which could allow an attacker to execute malicious and unauthorized actions. Vulnerability Details CVEID: CVE-2016-9714 DESCRIPTION: IBM InfoSphere Master Data...
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey, perform cross-site-scripting XSS attacks, compromise the ASP.NET ViewState,...
ASP.NET ViewState Not Encrypted
The ViewState is a parameter specific to the ASP.NET framework, it's used as a breadcrumb trail when the user navigates the application preserving values and controls between different web pages. Present on the pages in the viewstate parameter, all the values are serialized and encoded in base64 ...
ASP.NET ViewState MAC Not Enabled
The ViewState is a parameter specific to the ASP.NET framework, it's used as a breadcrumb trail when the user navigates the application preserving values and controls between different web pages. Present on the pages in the viewstate parameter, all the values are serialized and encoded in base64 ...
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://microsoft.com/sharepoint/webpartpages', 'soap' = 'http://www.w3.org/2003/05/soap-envelope', 'xsi' =...
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution Exploit
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...
Microsoft SharePoint Unsafe Control and ViewState RCE
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688 A remote code execution vulnerability exists in...
Microsoft SharePoint Server-Side Include and ViewState RCE
This module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config...
Microsoft SharePoint SSI / ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...
Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit
This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...
Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability
Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688 Microsoft Exchange Server Fixed Cryptographic Ke...
Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...