Lucene search
K

12 matches found

Nuclei
Nuclei
added 2 days ago24 views

DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...

7.5CVSS7.3AI score0.74048EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2022/08/08 12:0 a.m.23 views

DNN (DotNetNuke) 9.2.x < 9.2.2 Multiple Vulnerabilities

DNN formerly DotNetNuke is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.7AI score0.74048EPSS
Exploits5References5
Check Point Advisories
Check Point Advisories
added 2021/12/16 12:0 a.m.22 views

Dnnsoftware DotNetNuke Remote Code Execution (CVE-2018-15811)

A Remote Code Execution vulnerability exists in Dnnsoftware DotNetNuke. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5CVSS6.1AI score0.74048EPSS
Exploits4
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-18325

DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...

7.5CVSS7.1AI score0.74048EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2021/10/29 12:0 a.m.62 views

DNN (DotNetNuke) 9.2 <= 9.2.2 Weak Encryption Algorithm Vulnerability

The version of DNN Platform formerly DotNetNuke running on the remote host is 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

7.5CVSS7.5AI score0.74048EPSS
Exploits5References3
Exploit DB
Exploit DB
added 2020/04/16 12:0 a.m.239 views

DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/03 12:0 a.m.327 views

DotNetNuke Cookie Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

6.5CVSS0.5AI score0.94789EPSS
Exploits10
Circl
Circl
added 2020/04/02 3:6 p.m.13 views

CVE-2018-15811

creationtimestamp| type| source ---|---|--- 2020-04-02 15:06:54+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnncookiedeserializationrce.rb 2020-04-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48336 2021-11-08...

7.5CVSS7.1AI score0.74048EPSS
Exploits4References10
Github Security Blog
Github Security Blog
added 2019/07/05 9:8 p.m.74 views

Inadequate Encryption Strength in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS3.9AI score0.74048EPSS
Exploits4References6Affected Software1
CVE
CVE
added 2019/07/03 4:37 p.m.1103 views

CVE-2018-18325

Summary: CVE-2018-18325 affects DNN (DotNetNuke) platforms running version 9.2 through 9.2.2. The issue is an inadequate encryption strength for input parameters, arising from an incomplete fix for CVE-2018-15811. The vulnerability is tied to the use of a weak encryption algorithm in protecting i...

7.5CVSS7.5AI score0.74048EPSS
In wildExploits4References4Affected Software1
Vulnrichment
Vulnrichment
added 2019/07/03 4:23 p.m.15 views

CVE-2018-15811

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...

7.4AI score0.74048EPSS
Exploits4References3
CVE
CVE
added 2019/07/03 4:23 p.m.1126 views

CVE-2018-15811

CVE-2018-15811 – DNN series (DotNetNuke) vulnerable to weak encryption . The provided sources confirm that DNN platforms running 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters (notably in cookies), representing a vulnerability in the protection of parameter data. Th...

7.5CVSS7.3AI score0.74048EPSS
In wildExploits4References4Affected Software1
Rows per page
Query Builder