6 matches found
EUVD-2022-4007
Malicious code in bioql PyPI...
DotNetNuke Default Machine Key Exposure
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Recent assessments: zeroSteiner at February 26, 2020 5:02pm UTC reported: This is a serialization bug...
CVE-2008-6540
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys...
DNN (DotNetNuke) Upgrade Process ValidationKey Generation Weakness Privilege Escalation
The version of DNN installed on the remote host appears to be using a default machine key, both 'ValidationKey' and 'DecryptionKey', for authentication token encryption and validation. A remote attacker can leverage this issue to bypass authentication and gain administrative access to the affecte...