17 matches found
CVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
EUVD-2025-36740
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
CVE-2025-61959
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
CVE-2025-61959
The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...
CVE-2025-61959 Vertikal Systems Hospital Manager Backend Services Generation of Error Message Containing Sensitive Information
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...
Vertikal Systems Hospital Manager Backend Services 安全漏洞
Vertikal Systems Hospital Manager Backend Services is a hospital information management system from Vertikal Systems, Romania. A security vulnerability exists in Vertikal Systems Hospital Manager Backend Services versions prior to September 19, 2025, which stems from the exposure of an...
U.S. Dept Of Defense: Reflected XSS in `Telerik.ReportViewer.axd` with F5 BIG-IP ASM Bypass on `████`
A reflected cross-site scripting XSS vulnerability was discovered in the Telerik.ReportViewer.axd endpoint on the staging subdomain. The vulnerability was exploited by leveraging an unsupported event handler that was not filtered by the F5 BIG-IP Application Security Manager ASM WAF. An obfuscate...
CVE-2024-25461
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...
VulnCheck KEV: CVE-2024-25461
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component...
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
showdoc .cshtml file upload vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .cshtml and .axd file extensions in the application's file upload functionality. An attacker could exploit th...
GHSA-VPWQ-6CP4-FFQC Stored Cross-site Scripting in ShowDoc
ShowDoc prior to version 2.10.4 is vulnerable to stored cross-site scripting viva axd and cshtml file upload...
showdoc跨站脚本漏洞
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .cshtml and .axd file extensions in the application's file upload functionality. An attacker could exploit th...
PT-2019-12278 · Microsoft · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET versions 3.3.7 and earlier Description: The issue allows for an out-of-band XML External Entity XXE attack via an apml file to the "syndication.axd" API endpoint. This can potentially lead to unauthorized access to sensitive...
CVE-2018-14485
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...
Axd CMS 0.1.1 Local File Inclusion
\ \ \ / / / \ / / / |// / / // // / / / // // / // // / // // / //|| priasantai.uni.cc | team-elite.us axdcms-0.1.1 === Local File Include Vulnerbility Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script :...
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...