77 matches found
EUVD-2015-4447
Malware in sbrugna...
EUVD-2014-2757
Malware in sbrugna...
EUVD-2015-3666
Malware in sbrugna...
Ektron CMS 9 Database Disclosure
Exploit Title : Ektron CMS 9 Database Disclosure Exploit Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/04/2019 Vendor Homepage : ektron.com episerver.com/products/platform/ektron/ Software Download Link :...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...
Design/Logic Flaw
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...
CVE-2018-12596
CVE-2018-12596 affects Episerver/Ektron CMS (notably version 9.20 SP2) where remote attackers can reach the activateuser.aspx page, even when located under /WorkArea/ (normally restricted to local admins). The vulnerability is caused by improper access restrictions, permitting unauthorized enabli...
Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability
Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Ektron CMS 9.20 SP2 - Improper Access Restrictions Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
Ektron CMS 9.20 SP2 Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Design/Logic Flaw
Ektron Content Management System CMS before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5357
Ektron Content Management System CMS before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...
Authentication flaw
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5358
Affected software: Ektron Content Management System (CMS) prior to 8.02 SP5. Vulnerable component: XslCompiledTransform/XSLT processing configured with insecure flags (enableDocumentFunction or enablescript) in ekajaxtransform.aspx. Root cause: Improper XSLT handling allows crafted XSL data to tr...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5357
CVE-2012-5357 affects Ektron CMS prior to 8.02 SP5. The vulnerability arises from XslCompiledTransform with enablescript set to true, allowing remote code execution with NETWORK SERVICE privileges via crafted XSL data. Documentation and third-party sources confirm RCE potential in Ektron’s XSLT h...