51 matches found
CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...
CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...
Telerik Web UI Information Disclosure (CVE-2017-9248)
A security bypass vulnerability exists in Telerik Web UI. Successful exploitation of this vulnerability can lead to cross-site scripting, arbitrary file uploads and downloads, leak of MachineKey and compromise of the ASP.NET ViewState on the affected system...
Telerik Web UI contains cryptographic weakness
Overview The Telerik Web UI, versions R2 2017 2017.2.503 and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys. Description CWE-326: Inadequate Encryption Strength - CVE-2017-9248The Telerik.Web.UI.dll is vulnerable to a cryptographic...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
CVE-2017-9248
CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leadi...
Immunity Canvas: IIS_MACHINEKEY
Name| iismachinekey ---|--- CVE| NO-CVE Exploit Pack| CANVAS Description| Microsoft IIS MachineKey ViewState Deserialization RCE Notes| CVE Name: NO-CVE VENDOR: http://microsoft.com Notes: IMPORTANT NOTES 3/30/2018: | Test | ind. systems verified | iismachinekey success |...