KesionCMS ASP version 9.5 suffers from an add administrator vulnerability.
8f7da64c05cea45e214c0b133100220a4e4204662264b751cdf75e0cfc9d4cf3
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317, which once patched randomizes these keys. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
2f6a8f760339d2c83d483651740d009b85c87d1a8e03ca388c1ef83409e65051
Red Hat Security Advisory 2020-3699-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Security Fixes: .NET Core: ASP.NET cookie prefix spoofing vulnerability. Issues addressed include a spoofing vulnerability.
7eeb6e7fa92674b30184bea1625342bc83c0ce98fc29e396e3ea53dc07658cc2
Red Hat Security Advisory 2020-3422-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.107 and .NET Core Runtime 3.1.7. Security Fixes: .NET Core: ASP.NET Core Resource Consumption Denial of Service. Issues addressed include a denial of service vulnerability.
63ff17b1af981e5982dd10ff67547e6ebfc5151221f3bd6a33f8e48ae1b0ba3e
This Metasploit module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded machineKey parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8.
4124c84ac15efa5a91216b271b351c4f85f28724a0347ca062414a3d04b8a3b5
The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
4aab62684a4cdf73f2ac375b58ade0ea344753c8d22b1fdf5f8a4e944c3eee54
The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.
cd8bb7af8822a1c75ff1134d8c9adce8d94144c9aa905f9b2571d26b3cd740ee
LW-N605R devices allow remote code execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
405a54b7328103d274033ba1718a79ec36e34a387798e6c349e7e6c74465d240
ASP.NET jVideo Kit version 1.0 suffers from a remote SQL injection vulnerability.
eb792f18f1f53dbfb6b5c50d9878dc053d894293efeeb4b0f55522c1f6d55849
ASP.NET Core version 5.-RC1 suffers from an HTTP header injection vulnerability.
1d6c349a4c1cbeebdb441bb9d71d28155836dfc3262d25c0f5027232b302026b
ASP Gateway 1.0.0 suffers from a database disclosure vulnerability.
7117d0ed47e50d0cd2ca5bc4a1b4c5a29c59a1035262d55ef463a436105f5798
CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.
82753c89cb961457842b407e2a28042ca4dfbd896b15eb1555371fa0f3628dce
AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.
285a356df0342917c10949047f0e7a8de20316652b88f7502badf4e23df2d5c3
ASP webshell backdoor designed specifically for IIS 8.
a44d9c6790e87fa2491d5b551491b6c414d55452959ef3a48cf31d639af39609
ASP Forums version 2.1 suffers from a database disclosure vulnerability.
2a82cea0a7e0fc3cdf08bd773189c08f0aff6348e891a9283f84cac52de4e6d2
ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.
03ca5035c8a555789ffc39c66287fa1aa9631adb55c10abcd347b9d848a316c2
ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
2e960dfa2b379ae040834e8b3cb8d71edacd24f9b079f13a5a901b91e0617293
This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7d
This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.
95061f597110575d12518dbaad93354d7acf1c2eabf6a59fdfcc9c6bc66fdd45
Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.
c00ca1a36468d8069de3d09b942cd140f1aa6d4e521b6cead6b21e7289d8edea
This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.
e01e929f0159f35636b57ccb14d23133cee0871e331625923ed2e065e0033b49
This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.
ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.
394a34f5bb9c0db271438b8c89cbdc148df7951f648d6063157e850611f77962
ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.
902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453
This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.
3e11070aa3e56e32d0904d26cac7cacb888f2199f24e9d97a3ad562caf0a7096