Lucene search
K

152 matches found

Prion
Prion
added 2020/05/19 8:15 p.m.25 views

Hardcoded credentials

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...

7.5CVSS9.8AI score0.77635EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2020/05/19 7:29 p.m.228 views

CVE-2020-13166

CVE-2020-13166 affects MyLittleAdmin 3.8 and earlier when the web.config contains a hardcoded machineKey shared among installations. This enables unauthenticated remote code execution via serialized ASP.NET code through the ViewState/ deserialization pathway. Public references describe an in-brow...

9.8CVSS9.8AI score0.77635EPSS
Exploits5References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/05/19 12:0 a.m.39 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...

9.8CVSS6.5AI score0.77635EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2020/01/06 12:0 a.m.13 views

Fedora 31 : drupal7 (2019-4917943339)

RPM notes : - All docs are now in /usr/share/doc/drupal7/ - All licenses are now in /usr/share/licenses/drupal7/ - Requires have been updated to include all phpcompatinfo extension findings 7.69 Maintenance and security release of the Drupal 7 series. This release fixes security vulnerabilities...

5.7AI score
Exploits0References3
OSV
OSV
added 2019/08/22 3:15 p.m.4 views

CVE-2019-11029

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...

7.5CVSS5.8AI score0.0244EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.38 views

Web.config File Information Disclosure

An information disclosure vulnerability exists in the remote web server due to the disclosure of the web.config file. An unauthenticated, remote attacker can exploit this, via a simple GET request, to disclose potentially sensitive configuration information. No source data...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/09/29 8:26 a.m.8 views

universitas21.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-681045 Description| Value ---|--- Affected Website:| universitas21.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2018/09/21 3:35 p.m.28 views

Starbucks: China - ecjobsdc.starbucks.com.cn html/shtml file upload vulnerability

1, Summary During the test, I found ecjobsdc.starbucks.com.cn this site has an upload vulnerability, you can upload html and shtml format files, so you can read the server's intranet IP, the physical address of the website application and read the website web.config file. 2, Vulnerability scope...

0.3AI score
Exploits0
OSV
OSV
added 2018/08/29 4:29 p.m.3 views

CVE-2018-14805

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability...

9.8CVSS5.8AI score0.04807EPSS
Exploits0References3
Prion
Prion
added 2018/08/29 4:29 p.m.16 views

Design/Logic Flaw

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability...

7.5CVSS9.3AI score0.04807EPSS
Exploits0References3Affected Software1
Openbugbounty
Openbugbounty
added 2018/06/26 2:47 a.m.14 views

academiadoaprendiz.com.br Improper Access Control vulnerability

Open Bug Bounty ID: OBB-636740 Description| Value ---|--- Affected Website:| academiadoaprendiz.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

Exploits0
Exploit DB
Exploit DB
added 2018/04/06 12:0 a.m.63 views

DotNetNuke DNNarticle Module 11 - Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

9.8CVSS9.7AI score0.50244EPSS
Exploits5
exploitpack
exploitpack
added 2018/04/06 12:0 a.m.67 views

DotNetNuke DNNarticle Module 11 - Directory Traversal

DotNetNuke DNNarticle Module 11 - Directory Traversal 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information...

5CVSS9.7AI score0.50244EPSS
Exploits5
OSV
OSV
added 2018/04/04 7:29 p.m.4 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

9.8CVSS5.8AI score0.50244EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2018/04/04 7:29 p.m.3 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

9.8CVSS5.6AI score0.50244EPSS
Exploits5References3
NVD
NVD
added 2018/04/04 7:29 p.m.22 views

CVE-2018-9126

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

9.8CVSS9.3AI score0.50244EPSS
Exploits5References2
Prion
Prion
added 2018/04/04 7:29 p.m.17 views

Code injection

The DNNArticle module 11 for DNN formerly DotNetNuke allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI...

5CVSS9.3AI score0.50244EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2018/04/04 7:0 p.m.117 views

CVE-2018-9126

CVE-2018-9126 affects the DNNArticle module 11 for DotNetNuke. The vulnerability allows remote attackers to read the web.config via the URI /GetCSS.ashx/?CP=%2fweb.config, exposing database credentials and other config data. Exploit references exist (Exploit-DB, PacketStorm), confirming in-the-wi...

9.8CVSS9.3AI score0.50244EPSS
Exploits5References2Affected Software1
0day.today
0day.today
added 2018/04/02 12:0 a.m.62 views

DotNetNuke DNNarticle Directory Traversal Vulnerability

Exploit for asp platform in category web applications 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian 02. Vulnerability Information OVE-ID: CVE-2018-912...

9.2AI score0.50244EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/03/31 12:0 a.m.58 views

DotNetNuke DNNarticle Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

9.2AI score0.50244EPSS
Exploits5
Rows per page
Query Builder