223 matches found
CVE-2019-9845
The CVE-2019-9845 entry affects Madskristensen Miniblog.Core up to 2019-01-16. The underlying issue is in SaveFilesToDisk (Controllers/BlogController.cs): it writes a decoded base64 string to a file without validating the target file extension, enabling a remote attacker to execute arbitrary ASPX...
Design/Logic Flaw
Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...
SQL injection vulnerability in the Us***_Ro***.aspx file in the backend of the Qixing intranet OA system
The Qixing OA system (formerly the Qixing Portal system) contains news, notifications, documents, gallery and process form content. A SQL injection vulnerability exists in the backend of the Qixing Intranet OA System, which attackers can exploit to manipulate the database...
SQL injection vulnerability in the My***.aspx file in the backend of the Qixing intranet OA system
The Qixing OA system (formerly the Qixing Portal system) contains news, notifications, documents, gallery and process form content. A SQL injection vulnerability exists in the My***.aspx file in the backend of the Qixing Intranet OA System, which attackers can exploit to manipulate the database...
SQL Injection Vulnerability in eDoc Backend fo***.aspx Page
The eDoc electronic document library is a click document management system developed by Anhui Qixing Studio. A SQL injection vulnerability exists in the fo***.aspx page of the eDoc backend; attackers can use the vulnerability to obtain sensitive database information...
U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248
Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...
SQL Injection Vulnerability in Lo***.aspx Page of Integrated Water Supply Management Platform
Wuhan Jinshuilai Technology Development Co., Ltd. is a high-tech enterprise specializing in water management informationization, automation and intelligent construction. There is a SQL injection vulnerability in the Lo***.aspx page of the integrated water management platform, which can be exploited ...
PT-2018-14577 · Microstrategy · Microstrategy Analytics
Name of the Vulnerable Software and Affected Versions: Microstrategy Analytics versions prior to 10.4.0026.0049 Description: The issue concerns a CSRF problem in the main.aspx file. The vendor has provided documentation for preventing CSRF attacks, but there is a disagreement on whether this issu...
Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link: http://axiositalia.it/?pageid=1907 Version: 1.7.0/7.0.0...
Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting
Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting Dork: n/a Date: 2018-10-11 Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link:...
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting Dork: n/a Date: 2018-10-11 Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link: http://axiositalia.it/?pageid=1907 Version: 1.7.0/7.0.0 Category: Webapps Platform: AS...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local...
Design/Logic Flaw
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local...
CVE-2018-12596
CVE-2018-12596 affects Episerver/Ektron CMS (notably version 9.20 SP2) where remote attackers can reach the activateuser.aspx page, even when located under /WorkArea/ (normally restricted to local admins). The vulnerability is caused by improper access restrictions, permitting unauthorized enabli...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local...
Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability
Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
CVE-2012-10054
creationtimestamp| type| source
---|---|---
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/umbracouploadaspx.rb
2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
ez-robot.com XSS vulnerability
Open Bug Bounty ID: OBB-569330

Description| Value
---|---
Affected Website:| ez-robot.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Web Shell Detector - PHP Script That Helps You Find And Identify PHP / CGI (Perl) / ASP / ASPX Shells
Web Shell Detector is a PHP script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and...
Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...