EUVD-2025-208329

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

CVE-2025-70995

CVE-2025-70995 concerns Aranda Service Desk Web Edition (ASDK API 8.6). An authenticated user can upload a crafted web.config via POST to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime, altering the upload directory’s execution context to allow compilation and execution...

EUVD-2018-6689

Malware in sbrugna...

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...

CVE-2025-28367

mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...

CVE-2025-28367

mojoPortal =2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey...

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...

Microsoft SharePoint SSI / ViewState Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...

FAQ: Where is the setting to enable multiple monitors?

Q:Where is the setting to enable multiple monitors? A : To enable multiple monitors edit the web.config file in the StoreWeb -directory on the StoreFront server. The default location isc:\inetpub\wwwroot\citrix\Storeweb. In the web.config file, change showDesktopViewer=true to...

academiadoaprendiz.com.br Improper Access Control vulnerability

Open Bug Bounty ID: OBB-636740 Description| Value ---|--- Affected Website:| academiadoaprendiz.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

DotNetNuke DNNarticle Module 11 - Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

Code injection

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

DotNetNuke DNNarticle Directory Traversal Vulnerability

Exploit for asp platform in category web applications 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian 02. Vulnerability Information OVE-ID: CVE-2018-912...

Password settings in Web.Config file for PNAgent changes automatically when "Configure XenApp Services Support" Console is opened in Storefront Snapin.

You have modified web.config file manually or using EnablePnaForStore.ps1 for PNAgent site for the Password Options. When you open "Configure XenApp Services Support" Console and click OK on it, the settings change back...

Desktop Viewer is Showing Up Even though it has been Disabled Through the web.config File

Desktop Viewer is showing up even though it has been disabled through the web.config file...

Mono XSP ASP.NET Server sourcecode disclosure vulnerability

Mono XSP ASP.NET Server sourcecode disclosure vulnerability Version: Tested on mono 1.2.1 XSP for ASP.NET 1.1 and 2.0 This is a regression as this issue didn't exists in Mono 1.0 Discovered by: Jose Ramon Palanco: jose.palancoateazeldotes http://www.eazel.es Time Line: Nov 29, 2006: Discovered...