152 matches found
CVE-2008-6540
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default 1 ValidationKey and 2 DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys...
dotnetnuke-expose.txt
=========================================================== DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science [email protected] Affected Software: DotNetNuke = 4.8.1 Severity: Critical...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
Design/Logic Flaw
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...
SoftArtisans SAFileUp 5.0.14 - viewsrc.asp Script Source Disclosure
SoftArtisans SAFileUp 5.0.14 - viewsrc.asp Script Source Disclosure SoftArtisans FileUp viewsrc.asp remote script source disclosure exploit Advisory Name: SoftArtisans FileUpTM viewsrc.asp remote script source disclosure exploit Tested and Confirmed Vulerable: SoftArtisans SAFileUpTM 5.0.14...
CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...
DEBIAN-CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...
Mono XSP ASP.NET Server sourcecode disclosure vulnerability
Mono XSP ASP.NET Server sourcecode disclosure vulnerability Version: Tested on mono 1.2.1 XSP for ASP.NET 1.1 and 2.0 This is a regression as this issue didn't exists in Mono 1.0 Discovered by: Jose Ramon Palanco: jose.palancoateazeldotes http://www.eazel.es Time Line: Nov 29, 2006: Discovered...
IIS ASP.NET Application Trace Enabled
The ASP.NET web application running in the root directory of this web server has application tracing enabled. This would allow an attacker to view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file...
CVE-2004-2323
DotNetNuke (formerly IBuySpy Workshop) 1.0.6–1.0.10d is affected. A remote attacker can obtain sensitive information, including the SQL server username and password, by performing a GET request for source or configuration files such as Web.config. This vulnerability exposes credentials and arises...
Security bug in .NET Forms Authentication
Hi We believe we have discovered a serious flaw in .NET forms authentication when used to secure sub folders. A standard forms authentication setup requires the presence of "web.config" to set the authentication method and login procedure. The presence of this file prevents access to certain file...
Immunity Canvas: IIS_MACHINEKEY
Name| iismachinekey ---|--- CVE| NO-CVE Exploit Pack| CANVAS Description| Microsoft IIS MachineKey ViewState Deserialization RCE Notes| CVE Name: NO-CVE VENDOR: http://microsoft.com Notes: IMPORTANT NOTES 3/30/2018: | Test | ind. systems verified | iismachinekey success |...