CVE-2022-27249

CVE-2022-27249 describes an unrestricted file upload in IdeaRE RefTree prior to 2021.09.17. The vulnerability allows remote authenticated users to upload a crafted aspx file to the web root via the UploadDwg feature and then access the resource to execute arbitrary code. Impact is high (remote co...

showdoc .aspx file upload vulnerability (CNVD-2022-20513)

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .aspx file extensions in the application's file upload functionality. An attacker could use this...

GHSA-9FCC-7G44-MXRJ Cross-site Scripting in ShowDoc

ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via uploading files with files in .xsd, .asa, and .aspx formats...

showdoc .aspx file upload vulnerability

showdoc is an open source tool ideal for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability, which stems from the lack of valid detection of .aspx file extensions in the application's file upload feature. An attacker could exploit this...

Stored XSS due to Unrestricted File Upload

Description Stored XSS via uploading files in .xsd, .asa and .aspx already mentioned in previous report formats. Proof of Concept For .xsd filename="poc.xsd" alert1 For .asa and .aspx filename="poc.asa" alert1 Steps to Reproduce 1.Login into showdoc.com.cn.\ 2.Navigate to file library...

Unrestricted file upload leads to stored XSS

Description A user can bypass checking and upload .aspx file which lead to stored XSS. Proof of Concept Log in as admin: https://demo.microweber.org/demo/admin/ Go to Websites Edit a page. Under Pictures, choose Add files Instead of uploading a normal picture, use the below request to upload an...

Sql injection

Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx...

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server...

CVE-2021-38366

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...

CVE-2021-38366

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...

CVE-2020-23284

The CVE-2020-23284 entry concerns the MV IDCE application v1.0, where information disclosure can occur via crafted ASPX pages appended to the end of the URL, enabling access to internal/sensitive data without logging in. The description indicates the flaw affects end-to-end URL handling that inte...

CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...

SQL Injection Vulnerability in Qilai OA Cl***.aspx File

Xi'an Huatian Synergy Information Technology Co., Ltd. is a company whose business scope includes: sales of computer software and hardware, computer network engineering, design of security monitoring engineering, etc.. A SQL injection vulnerability exists in the Qilai OA Cl.aspx file, which can b...

File Upload Vulnerability in Flash Flood Monitoring and Early Warning Distribution System of Siltronic Technology Co.

Siltronic Ltd. is an information service provider for disaster reduction and profitability. An arbitrary file upload vulnerability exists in the Flash Flood Detection and Early Warning Platform of Sicron Technology Limited, which allows an attacker to upload an aspx file to gain access to the...

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting thi...

Remote code execution

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...