Lucene search
K

152 matches found

Cvelist
Cvelist
added 2009/03/30 1:0 a.m.29 views

CVE-2008-6540

DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default 1 ValidationKey and 2 DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys...

6.7AI score0.02495EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2008/03/21 12:0 a.m.50 views

dotnetnuke-expose.txt

=========================================================== DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science [email protected] Affected Software: DotNetNuke = 4.8.1 Severity: Critical...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.92 views

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...

7.2AI score
Exploits0
Prion
Prion
added 2007/01/09 6:28 p.m.18 views

Design/Logic Flaw

Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles...

5CVSS7AI score0.01222EPSS
Exploits0References5Affected Software1
exploitpack
exploitpack
added 2006/12/30 12:0 a.m.11 views

SoftArtisans SAFileUp 5.0.14 - viewsrc.asp Script Source Disclosure

SoftArtisans SAFileUp 5.0.14 - viewsrc.asp Script Source Disclosure SoftArtisans FileUp viewsrc.asp remote script source disclosure exploit Advisory Name: SoftArtisans FileUpTM viewsrc.asp remote script source disclosure exploit Tested and Confirmed Vulerable: SoftArtisans SAFileUpTM 5.0.14...

7.4AI score
Exploits0
OSV
OSV
added 2006/12/21 7:28 p.m.7 views

CVE-2006-6104

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...

6.7AI score
Exploits0References26
OSV
OSV
added 2006/12/21 7:28 p.m.5 views

DEBIAN-CVE-2006-6104

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to 1 read source code by appending a space %20 to a URI, and 2 read credentials via a request for Web.Config%20...

5CVSS6.6AI score0.04958EPSS
Exploits1References1
securityvulns
securityvulns
added 2006/12/21 12:0 a.m.53 views

Mono XSP ASP.NET Server sourcecode disclosure vulnerability

Mono XSP ASP.NET Server sourcecode disclosure vulnerability Version: Tested on mono 1.2.1 XSP for ASP.NET 1.1 and 2.0 This is a regression as this issue didn't exists in Mono 1.0 Discovered by: Jose Ramon Palanco: jose.palancoateazeldotes http://www.eazel.es Time Line: Nov 29, 2006: Discovered...

0.5AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.23 views

IIS ASP.NET Application Trace Enabled

The ASP.NET web application running in the root directory of this web server has application tracing enabled. This would allow an attacker to view the last 50 web requests made to this server, including sensitive information like Session ID values and the physical path to the requested file...

0.1AI score
Exploits0
CVE
CVE
added 2005/08/16 4:0 a.m.44 views

CVE-2004-2323

DotNetNuke (formerly IBuySpy Workshop) 1.0.6–1.0.10d is affected. A remote attacker can obtain sensitive information, including the SQL server username and password, by performing a GET request for source or configuration files such as Web.config. This vulnerability exposes credentials and arises...

5CVSS7.5AI score0.014EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.21 views

Security bug in .NET Forms Authentication

Hi We believe we have discovered a serious flaw in .NET forms authentication when used to secure sub folders. A standard forms authentication setup requires the presence of "web.config" to set the authentication method and login procedure. The presence of this file prevents access to certain file...

7AI score
Exploits0
canvas
canvas
added 1970/01/01 12:0 a.m.1388 views

Immunity Canvas: IIS_MACHINEKEY

Name| iismachinekey ---|--- CVE| NO-CVE Exploit Pack| CANVAS Description| Microsoft IIS MachineKey ViewState Deserialization RCE Notes| CVE Name: NO-CVE VENDOR: http://microsoft.com Notes: IMPORTANT NOTES 3/30/2018: | Test | ind. systems verified | iismachinekey success |...

Exploits0
Rows per page
Query Builder