Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.8 views

CVE-2018-15812

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...

7.5CVSS6.8AI score0.46547EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2022/08/08 12:0 a.m.23 views

DNN (DotNetNuke) 9.2.x < 9.2.2 Multiple Vulnerabilities

DNN formerly DotNetNuke is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.7AI score0.74048EPSS
Exploits5References5
Exploit DB
Exploit DB
added 2020/04/16 12:0 a.m.240 views

DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/03 12:0 a.m.329 views

DotNetNuke Cookie Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

6.5CVSS0.5AI score0.94789EPSS
Exploits10
Circl
Circl
added 2020/04/02 3:6 p.m.26 views

CVE-2018-15812

creationtimestamp| type| source ---|---|--- 2020-04-02 15:06:54+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnncookiedeserializationrce.rb 2020-04-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48336 2025-02-06...

7.5CVSS7.5AI score0.46547EPSS
Exploits4References2
Github Security Blog
Github Security Blog
added 2019/07/05 9:8 p.m.48 views

Insufficient Entropy in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812...

7.5CVSS2.4AI score0.53618EPSS
Exploits4References5Affected Software1
Veracode
Veracode
added 2019/07/04 9:17 a.m.21 views

Information Disclosure

DNN DotNetNuke is vulnerable to information disclosure. The use of a lower-than-expected entropy caused by an incorrect convertion of the encryption key source values allow attackers to retrieve confidential information. This vulnerability exists due to an incomplete fix for CVE-2018-15812...

7.5CVSS7.1AI score0.53618EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2019/07/03 5:15 p.m.22 views

CVE-2018-15812

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy...

7.5CVSS7.5AI score
Exploits0References3
CVE
CVE
added 2019/07/03 4:39 p.m.160 views

CVE-2018-18326

Summary: CVE-2018-18326 affects DNN (DotNetNuke) 9.2 through 9.2.2, which incorrectly converts encryption key source values, yielding lower entropy. This issue is noted as stemming from an incomplete fix for CVE-2018-15812. The connected sources identify the vulnerable versions and link to relate...

7.5CVSS7.6AI score0.53618EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2019/07/03 4:35 p.m.277 views

CVE-2018-15812

CVE-2018-15812 affects DNN (DotNetNuke) versions 9.2 through 9.2.1. The issue arises from incorrect conversion of encryption key source values, yielding lower than expected entropy in keys. The documents describe related advisories (GHSA, OSV) and OpenVAS entries referencing the same entropy prob...

7.5CVSS7.4AI score0.46547EPSS
In wildExploits4References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/07/03 12:0 a.m.57 views

CVE-2018-15812

DNN aka DotNetNuke 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS3.3AI score0.46547EPSS
In wildExploits4References4
Rows per page
Query Builder