This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.
3e11070aa3e56e32d0904d26cac7cacb888f2199f24e9d97a3ad562caf0a7096FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.
139ccad597b02f049b3b2b0129bd2dd23c86df34ebff98c04ada72b76409a1d8This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffcSecunia Security Advisory - A vulnerability has been reported in CuteSoft Cute Editor for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.
f6b853c05830d23c3234b909965748234c325eca2071bb8c5e305c7ae6123e39Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289cThis Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.
a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bbB2CPrint suffers from a remote ASP shell upload vulnerability.
07aa64e3542baf26914c58bd60df81bce81243de8587811fbef33dcfab8b6757The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.
f4297d4df9c7cacbca1f10534a0d4c968fff5b9b90fe6f1cbd3316b6cc0ac1d1ASP Content Management suffers from a remote database disclosure vulnerability.
ed2c1c995ba55abc3d684e158935240fbf5549efa2590b99e3a007e08eb041b7ASP-DEv XM Forums suffers from a remote SQL injection vulnerability.
8446a9b73c68c9fe39bea37f8d215078ada86454157f60f7b639e5bc719634c4ASP-DEv XM Diary suffers from a remote SQL injection vulnerability.
cf3c509b6e8491ab677d96ab6563bf4efd4aa8af7b4e2db270f22deffd6bef71This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.
0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1bMicrosoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.
7432953a885d29ecc984b1dab18e4eeeb9ab253b2c398a82436125325e03bc71Secunia Security Advisory - demonalex has discovered some vulnerabilities in Matthew1471's ASP BlogX, which can be exploited by malicious people to conduct cross-site scripting attacks.
81cdfd16fd3f8bd98776d89be75d9e069e0292e7aa0bbf49a426d618b2619cb8Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8fASP Classifieds suffers from a remote SQL injection vulnerability.
e189fcd5c11ee4c290d2e24ce9052d1a142ab65d38292858958e6fe3fdecdaeeLastguru ASP Guestbook suffers from a remote SQL injection vulnerability.
7647a173e3a544c79753938e1534393439d68cd8fb354d9d974f67bded9d6f47Acidcat ASP CMS versions 3.5.1 and 3.5.2 suffer from multiple cross site scripting vulnerabilities.
d83dbc616c5f99929bca4b8bb2acedbe78f10816c081b3a5f0d0ec9d8f6ca014ASP.NET hash denial of service exploit payload. Includes 1mb and 4mb files.
e7cace4bf681564ae8f72214e32ef52df60106efc4dfc0e3caa41b8ec205a6a5Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.
294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5dZero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5QueCom Qortal User version 5.10.014 suffers from an ASP source code disclosure vulnerability.
11fcb994a6a7c4c752a1ef798167f062dfa3122a5dd5ed6f93a6bca2604bcdcaSecunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.
d0a802f61456e731fc7e9c76326b74ba8a365f29eb649dbfbed48322681967b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed