4 matches found
Directory traversal
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution
Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ============== BlogEngine.NET is vulnerable to a Directory Traversal through th...
BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution
BlogEngine.NET, versions 3.3.7 and earlier, is vulnerable to two separate Directory Traversal issues that can lead to Remote Code Execution. CVE-2019-10719 exploits a directory traversal in /api/upload, allowing users to write files to any location within the web root. This bypasses the protectio...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php...