11 matches found
CVE-2018-15812
DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...
DNN (DotNetNuke) 9.2.x < 9.2.2 Multiple Vulnerabilities
DNN formerly DotNetNuke is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...
DotNetNuke Cookie Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...
CVE-2018-15812
creationtimestamp| type| source ---|---|--- 2020-04-02 15:06:54+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnncookiedeserializationrce.rb 2020-04-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48336 2025-02-06...
Insufficient Entropy in DotNetNuke
DNN aka DotNetNuke 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...
Information Disclosure
DNN DotNetNuke is vulnerable to information disclosure. The use of a lower-than-expected entropy caused by an incorrect convertion of the encryption key source values allow attackers to retrieve confidential information. This vulnerability exists due to an incomplete fix for CVE-2018-15812...
CVE-2018-15812
DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...
CVE-2018-18326
Summary: CVE-2018-18326 affects DNN (DotNetNuke) 9.2 through 9.2.2, which incorrectly converts encryption key source values, yielding lower entropy. This issue is noted as stemming from an incomplete fix for CVE-2018-15812. The connected sources identify the vulnerable versions and link to relate...
CVE-2018-15812
CVE-2018-15812 affects DNN (DotNetNuke) versions 9.2 through 9.2.1. The issue arises from incorrect conversion of encryption key source values, yielding lower than expected entropy in keys. The documents describe related advisories (GHSA, OSV) and OpenVAS entries referencing the same entropy prob...
CVE-2018-15812
DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...