This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.
3e11070aa3e56e32d0904d26cac7cacb888f2199f24e9d97a3ad562caf0a7096
FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.
139ccad597b02f049b3b2b0129bd2dd23c86df34ebff98c04ada72b76409a1d8
This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645
ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffc
Secunia Security Advisory - A vulnerability has been reported in CuteSoft Cute Editor for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.
f6b853c05830d23c3234b909965748234c325eca2071bb8c5e305c7ae6123e39
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.
a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
B2CPrint suffers from a remote ASP shell upload vulnerability.
07aa64e3542baf26914c58bd60df81bce81243de8587811fbef33dcfab8b6757
The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.
f4297d4df9c7cacbca1f10534a0d4c968fff5b9b90fe6f1cbd3316b6cc0ac1d1
ASP Content Management suffers from a remote database disclosure vulnerability.
ed2c1c995ba55abc3d684e158935240fbf5549efa2590b99e3a007e08eb041b7
ASP-DEv XM Forums suffers from a remote SQL injection vulnerability.
8446a9b73c68c9fe39bea37f8d215078ada86454157f60f7b639e5bc719634c4
ASP-DEv XM Diary suffers from a remote SQL injection vulnerability.
cf3c509b6e8491ab677d96ab6563bf4efd4aa8af7b4e2db270f22deffd6bef71
This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.
0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1b
Microsoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.
7432953a885d29ecc984b1dab18e4eeeb9ab253b2c398a82436125325e03bc71
Secunia Security Advisory - demonalex has discovered some vulnerabilities in Matthew1471's ASP BlogX, which can be exploited by malicious people to conduct cross-site scripting attacks.
81cdfd16fd3f8bd98776d89be75d9e069e0292e7aa0bbf49a426d618b2619cb8
Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8f
ASP Classifieds suffers from a remote SQL injection vulnerability.
e189fcd5c11ee4c290d2e24ce9052d1a142ab65d38292858958e6fe3fdecdaee
Lastguru ASP Guestbook suffers from a remote SQL injection vulnerability.
7647a173e3a544c79753938e1534393439d68cd8fb354d9d974f67bded9d6f47
Acidcat ASP CMS versions 3.5.1 and 3.5.2 suffer from multiple cross site scripting vulnerabilities.
d83dbc616c5f99929bca4b8bb2acedbe78f10816c081b3a5f0d0ec9d8f6ca014
ASP.NET hash denial of service exploit payload. Includes 1mb and 4mb files.
e7cace4bf681564ae8f72214e32ef52df60106efc4dfc0e3caa41b8ec205a6a5
Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.
294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5d
Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
QueCom Qortal User version 5.10.014 suffers from an ASP source code disclosure vulnerability.
11fcb994a6a7c4c752a1ef798167f062dfa3122a5dd5ed6f93a6bca2604bcdca
Secunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.
d0a802f61456e731fc7e9c76326b74ba8a365f29eb649dbfbed48322681967b1