EUVD-2020-16032

Malware in sbrugna...

CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...

CVE-2020-23284

The CVE-2020-23284 entry concerns the MV IDCE application v1.0, where information disclosure can occur via crafted ASPX pages appended to the end of the URL, enabling access to internal/sensitive data without logging in. The description indicates the flaw affects end-to-end URL handling that inte...

CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...

CVE-2020-13877

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure...

Sql injection

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure...

CVE-2020-13877

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure...

CVE-2018-12596

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...

CVE-2018-12596

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...

CVE-2018-12596

CVE-2018-12596 affects Episerver/Ektron CMS (notably version 9.20 SP2) where remote attackers can reach the activateuser.aspx page, even when located under /WorkArea/ (normally restricted to local admins). The vulnerability is caused by improper access restrictions, permitting unauthorized enabli...

Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability

Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...

Remote file inclusion

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to 1 ldms/smactionfrm.asp or 2 remote/frmcoremainfrm.aspx; or the 3 top parameter to...

CVE-2014-5362

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to 1 ldms/smactionfrm.asp or 2 remote/frmcoremainfrm.aspx; or the 3 top parameter to...