U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248
Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...
Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is prior to 10.0.6412.0. It is, therefore, affected by multiple vulnerabilities in Telerik DialogHandler and RadAsyncUpload:
- A cryptographic weakness exists in Telerik.Web.UI that can be exploited to disclose encryption keys
- An...