Lucene search
K

203 matches found

CVE
CVE
added 2022/06/17 4:11 p.m.64 views

CVE-2022-30422

Planet Time Enterprise by Proietti Tech Srl (versions 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0) is affected by CVE-2022-30422 due to a remote code execution vulnerability originating from the Viewstate parameter. The Red Hat, NVD, and CVE records consistently describe this as a remote...

10CVSS9.6AI score0.03894EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.3 views

Proietti Tech srl Planet Time Enterprise 信任管理问题漏洞

Proietti Tech Srl Proietti Tech srl Planet Time Enterprise is an attendance management software from Proietti Tech Srl, Italy. It facilitates human resource management through process automation and process simplification, making information available in real time. A security vulnerability exists...

10CVSS9.1AI score0.03894EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.40 views

Checkbox Survey 6.12 <= 6.18 RCE

Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Prior to version 7.0, Checkbox Survey implements its own View State functionality by accepting a VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually handled by the...

9.8CVSS9.1AI score0.31946EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:25 a.m.38 views

GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...

9.8CVSS9.1AI score0.07958EPSS
Exploits1References15
Github Security Blog
Github Security Blog
added 2022/05/13 1:25 a.m.66 views

Apache MyFaces Trinidad Deserialization Vulnerability

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...

9.8CVSS8.7AI score0.07958EPSS
Exploits1References15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.27 views

Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM User Interface (CVE-2016-9714)

Summary IBM InfoSphere Master Data Management is vulnerable to a Insecure JSF ViewState found in MDM Busines Admin User Interface which could allow an attacker to execute malicious and unauthorized actions. Vulnerability Details CVEID: CVE-2016-9714 DESCRIPTION: IBM InfoSphere Master Data...

6.8CVSS0.5AI score0.00556EPSS
Exploits0Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.43 views

Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey, perform cross-site-scripting XSS attacks, compromise the ASP.NET ViewState,...

9.8CVSS8.7AI score0.75098EPSS
In wildExploits5
Tenable Nessus
Tenable Nessus
added 2021/08/05 12:0 a.m.60 views

ASP.NET ViewState Not Encrypted

The ViewState is a parameter specific to the ASP.NET framework, it's used as a breadcrumb trail when the user navigates the application preserving values and controls between different web pages. Present on the pages in the viewstate parameter, all the values are serialized and encoded in base64 ...

6.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/08/05 12:0 a.m.23 views

ASP.NET ViewState MAC Not Enabled

The ViewState is a parameter specific to the ASP.NET framework, it's used as a breadcrumb trail when the user navigates the application preserving values and controls between different web pages. Present on the pages in the viewstate parameter, all the values are serialized and encoded in base64 ...

6.7AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/08/02 11:11 a.m.436 views

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...

9.8CVSS0.5AI score0.99737EPSS
Exploits19
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.1528 views

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://microsoft.com/sharepoint/webpartpages', 'soap' = 'http://www.w3.org/2003/05/soap-envelope', 'xsi' =...

6.5CVSS0.5AI score0.30045EPSS
Exploits5
0day.today
0day.today
added 2021/06/17 12:0 a.m.269 views

Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution Exploit

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...

8.8CVSS8.6AI score0.30045EPSS
Exploits5
Metasploit
Metasploit
added 2021/06/16 5:43 p.m.207 views

Microsoft SharePoint Unsafe Control and ViewState RCE

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will...

8.8CVSS8.4AI score0.30045EPSS
Exploits5
GithubExploit
GithubExploit
added 2021/01/04 10:48 a.m.145 views

Exploit for Improper Authentication in Microsoft

CVE-2020-0688 A remote code execution vulnerability exists in...

9CVSS9.3AI score0.99965EPSS
Exploits30
Metasploit
Metasploit
added 2020/10/19 5:41 p.m.174 views

Microsoft SharePoint Server-Side Include and ViewState RCE

This module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config...

8.6CVSS7.8AI score0.70894EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/19 12:0 a.m.874 views

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

0.4AI score0.70894EPSS
Exploits5
0day.today
0day.today
added 2020/10/19 12:0 a.m.99 views

Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit

This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...

8.6CVSS0.5AI score0.70894EPSS
Exploits5
Saint
Saint
added 2020/09/25 12:0 a.m.1777 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

6.5CVSS8.6AI score0.98842EPSS
Exploits14
GithubExploit
GithubExploit
added 2020/08/17 12:41 p.m.100 views

Exploit for Improper Authentication in Microsoft

CVE-2020-0688 Microsoft Exchange Server Fixed Cryptographic Ke...

9CVSS9.6AI score0.99965EPSS
Exploits30
0day.today
0day.today
added 2020/05/26 12:0 a.m.131 views

Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8CVSS0.7AI score0.77635EPSS
Exploits5
Rows per page
Query Builder