what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 465 RSS Feed

ASP Files

Kaseya uploadImage Arbitrary File Upload
Posted Dec 4, 2013
Authored by Thomas Hibbert | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

tags | exploit, arbitrary, code execution, asp, file upload
advisories | OSVDB-99984
SHA-256 | 3e11070aa3e56e32d0904d26cac7cacb888f2199f24e9d97a3ad562caf0a7096
FCKEditor 2.6.8 ASP File Upload Protection Bypass
Posted Nov 28, 2012
Authored by Soroush Dalili

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

tags | advisory, asp, bypass, file upload
SHA-256 | 139ccad597b02f049b3b2b0129bd2dd23c86df34ebff98c04ada72b76409a1d8
Avaya IP Office Customer Call Reporter Command Execution
Posted Oct 8, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

tags | exploit, remote, arbitrary, asp, bypass
systems | windows
advisories | CVE-2012-3811, OSVDB-83399
SHA-256 | 38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645
ASP-DEv XM Forums RC 3 SQL Injection
Posted Aug 29, 2012
Authored by Crim3R

ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection, asp
SHA-256 | 9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffc
Secunia Security Advisory 50313
Posted Aug 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in CuteSoft Cute Editor for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss, asp
SHA-256 | f6b853c05830d23c3234b909965748234c325eca2071bb8c5e305c7ae6123e39
Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
SHA-256 | 6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
B2CPrint Remote Shell Upload
Posted Jun 29, 2012
Authored by Mr.XpR

B2CPrint suffers from a remote ASP shell upload vulnerability.

tags | exploit, remote, shell, asp
SHA-256 | 07aa64e3542baf26914c58bd60df81bce81243de8587811fbef33dcfab8b6757
SolarWinds Network Performance Monitor Blind SQL Injection
Posted Jun 19, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.

tags | advisory, arbitrary, sql injection, asp
SHA-256 | f4297d4df9c7cacbca1f10534a0d4c968fff5b9b90fe6f1cbd3316b6cc0ac1d1
ASP Content Management Database Disclosure
Posted Jun 19, 2012
Authored by indoushka

ASP Content Management suffers from a remote database disclosure vulnerability.

tags | exploit, remote, asp, info disclosure
SHA-256 | ed2c1c995ba55abc3d684e158935240fbf5549efa2590b99e3a007e08eb041b7
ASP-DEv XM Forums SQL Injection
Posted Apr 27, 2012
Authored by Farbod Mahini

ASP-DEv XM Forums suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, asp
SHA-256 | 8446a9b73c68c9fe39bea37f8d215078ada86454157f60f7b639e5bc719634c4
ASP-DEv XM Diary SQL Injection
Posted Apr 27, 2012
Authored by Farbod Mahini

ASP-DEv XM Diary suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, asp
SHA-256 | cf3c509b6e8491ab677d96ab6563bf4efd4aa8af7b4e2db270f22deffd6bef71
LANDesk Lenovo ThinkManagement Console Remote Command Execution
Posted Apr 10, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

tags | exploit, asp
advisories | CVE-2012-1195, CVE-2012-1196, OSVDB-79276, OSVDB-79277
SHA-256 | 0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1b
Microsoft ASP.NET Forms Authentication Bypass
Posted Mar 29, 2012
Authored by K. Gudinavicius, m | Site sec-consult.com

Microsoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.

tags | exploit, asp, bypass
advisories | CVE-2011-3416
SHA-256 | 7432953a885d29ecc984b1dab18e4eeeb9ab253b2c398a82436125325e03bc71
Secunia Security Advisory 48573
Posted Mar 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - demonalex has discovered some vulnerabilities in Matthew1471's ASP BlogX, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, asp
SHA-256 | 81cdfd16fd3f8bd98776d89be75d9e069e0292e7aa0bbf49a426d618b2619cb8
Matthew1471s ASP BlogX Cross Site Scripting
Posted Mar 28, 2012
Authored by demonalex

Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
SHA-256 | 278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8f
ASP Classifieds SQL Injection
Posted Mar 18, 2012
Authored by r45c4l

ASP Classifieds suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, asp
SHA-256 | e189fcd5c11ee4c290d2e24ce9052d1a142ab65d38292858958e6fe3fdecdaee
Lastguru ASP Guestbook SQL Injection
Posted Mar 4, 2012
Authored by demonalex

Lastguru ASP Guestbook suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection, asp
SHA-256 | 7647a173e3a544c79753938e1534393439d68cd8fb354d9d974f67bded9d6f47
Acidcat ASP CMS 3.5.2 Cross Site Scripting
Posted Jan 21, 2012
Authored by d3v1l, RandomStorm

Acidcat ASP CMS versions 3.5.1 and 3.5.2 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, asp
SHA-256 | d83dbc616c5f99929bca4b8bb2acedbe78f10816c081b3a5f0d0ec9d8f6ca014
ASP.NET Hash Denial Of Service Payload
Posted Jan 6, 2012
Authored by HybrisDisaster

ASP.NET hash denial of service exploit payload. Includes 1mb and 4mb files.

tags | exploit, denial of service, asp
systems | unix
SHA-256 | e7cace4bf681564ae8f72214e32ef52df60106efc4dfc0e3caa41b8ec205a6a5
Microsoft ASP.NET Forms Authentication Bypass
Posted Dec 30, 2011
Authored by K. Gudinavicius | Site sec-consult.com

Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.

tags | advisory, asp, bypass
advisories | CVE-2011-3416
SHA-256 | 294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Zero Day Initiative Advisory 11-354
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4168
SHA-256 | f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5d
Zero Day Initiative Advisory 11-353
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4167
SHA-256 | 5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
QuesCom Qportal User 5.10.014 Source Disclosure
Posted Dec 9, 2011
Authored by Ewerson Guimaraes | Site dclabs.com.br

QueCom Qortal User version 5.10.014 suffers from an ASP source code disclosure vulnerability.

tags | exploit, asp
SHA-256 | 11fcb994a6a7c4c752a1ef798167f062dfa3122a5dd5ed6f93a6bca2604bcdca
Secunia Security Advisory 46686
Posted Nov 2, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection, asp
SHA-256 | d0a802f61456e731fc7e9c76326b74ba8a365f29eb649dbfbed48322681967b1
Page 2 of 19
Back12345Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close