44 matches found
CVE-2021-39392
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...
U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248
Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...
DotNetNuke Default Machine Key Exposure
=========================================================== DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science [email protected] Affected Software: DotNetNuke = 4.8.1 Severity: Critical...
dotnetnuke-expose.txt
=========================================================== DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science [email protected] Affected Software: DotNetNuke = 4.8.1 Severity: Critical...