Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2025/10/30 10:9 p.m.6 views

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

6.9CVSS7AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 12:31 a.m.4 views

EUVD-2025-36740

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

6.9CVSS6.5AI score0.00249EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 10:15 p.m.5 views

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2025/10/29 9:54 p.m.22 views

CVE-2025-61959

The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...

6.9CVSS6.6AI score0.00249EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/29 9:54 p.m.2 views

CVE-2025-61959 Vertikal Systems Hospital Manager Backend Services Generation of Error Message Containing Sensitive Information

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

6.9CVSS6.6AI score0.00249EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.6 views

Vertikal Systems Hospital Manager Backend Services 安全漏洞

Vertikal Systems Hospital Manager Backend Services is a hospital information management system from Vertikal Systems, Romania. A security vulnerability exists in Vertikal Systems Hospital Manager Backend Services versions prior to September 19, 2025, which stems from the exposure of an...

8.7CVSS6.4AI score0.00411EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/05/08 2:55 p.m.6 views

U.S. Dept Of Defense: Reflected XSS in `Telerik.ReportViewer.axd` with F5 BIG-IP ASM Bypass on `████`

A reflected cross-site scripting XSS vulnerability was discovered in the Telerik.ReportViewer.axd endpoint on the staging subdomain. The vulnerability was exploited by leveraging an unsupported event handler that was not filtered by the F5 BIG-IP Application Security Manager ASM WAF. An obfuscate...

5.8AI score
Exploits0
OSV
OSV
added 2024/02/21 8:15 p.m.3 views

CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

7.5CVSS5.9AI score0.00965EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/08/08 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-25461

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...

7.5CVSS5.8AI score0.00965EPSS
Exploits0References1
OSV
OSV
added 2022/10/18 2:15 p.m.7 views

CVE-2022-41479

The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...

7.5CVSS5.8AI score0.01101EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/17 12:0 a.m.24 views

showdoc .cshtml file upload vulnerability

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .cshtml and .axd file extensions in the application's file upload functionality. An attacker could exploit th...

9CVSS1.3AI score0.00797EPSS
Exploits1References1
OSV
OSV
added 2022/03/16 12:0 a.m.19 views

GHSA-VPWQ-6CP4-FFQC Stored Cross-site Scripting in ShowDoc

ShowDoc prior to version 2.10.4 is vulnerable to stored cross-site scripting viva axd and cshtml file upload...

5.4CVSS5.1AI score0.00797EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.3 views

showdoc跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .cshtml and .axd file extensions in the application's file upload functionality. An attacker could exploit th...

9CVSS5.8AI score0.00797EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/06/21 12:0 a.m.3 views

PT-2019-12278 · Microsoft · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET versions 3.3.7 and earlier Description: The issue allows for an out-of-band XML External Entity XXE attack via an apml file to the "syndication.axd" API endpoint. This can potentially lead to unauthorized access to sensitive...

7.5CVSS7.1AI score0.01582EPSS
Exploits1References5
OSV
OSV
added 2019/05/07 6:29 p.m.5 views

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...

9.8CVSS5.8AI score0.16287EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2011/01/08 12:0 a.m.31 views

Axd CMS 0.1.1 Local File Inclusion

\ \ \ / / / \ / / / |// / / // // / / / // // / // // / // // / //|| priasantai.uni.cc | team-elite.us axdcms-0.1.1 === Local File Include Vulnerbility Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script :...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/10/20 12:0 a.m.37 views

Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...

7.4AI score
Exploits0
Rows per page
Query Builder