Menu

Search for hundreds of thousands of exploits

"BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution"

Author

"Aaron Bishop"

Platform

aspx

Release date

2019-06-19

Release Date Title Type Platform Author
2019-07-11 "Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting" webapps aspx "Owais Mehtab"
2019-06-25 "BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal" webapps aspx "Aaron Bishop"
2019-06-20 "BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection" webapps aspx "Aaron Bishop"
2019-06-19 "BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution" webapps aspx "Aaron Bishop"
2019-06-19 "BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution" webapps aspx "Aaron Bishop"
2019-06-13 "Sitecore 8.x - Deserialization Remote Code Execution" webapps aspx "Jarad Kopf"
2019-02-12 "BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution" webapps aspx "Dustin Cobb"
2019-01-14 "Umbraco CMS 7.12.4 - Authenticated Remote Code Execution" webapps aspx "Gregory Draperi"
2017-05-05 "Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure" webapps aspx "Usman Saeed"
2018-10-29 "Library Management System 1.0 - 'frmListBooks' SQL Injection" webapps aspx "Ihsan Sencan"
2018-10-24 "Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting" webapps aspx "Dino Barlattani"
2018-10-10 "Ektron CMS 9.20 SP2 - Improper Access Restrictions" webapps aspx alt3kx
2018-08-06 "Sitecore.Net 8.1 - Directory Traversal" webapps aspx Chris
2018-06-04 "EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting" webapps aspx "Chris Barretto"
2018-03-13 "SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities" webapps aspx "SEC Consult"
2017-09-27 "SmarterStats 11.3.6347 - Cross-Site Scripting" webapps aspx sqlhacker
2017-09-13 "ICEstate 1.1 - 'id' SQL Injection" webapps aspx "Ihsan Sencan"
2017-06-14 "KBVault MySQL 0.16a - Arbitrary File Upload" webapps aspx "Fatih Emiral"
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions" webapps aspx "Pesach Zirkind"
2017-05-09 "Personify360 7.5.2/7.6.1 - Improper Access Restrictions" webapps aspx "Pesach Zirkind"
2018-02-02 "IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting" webapps aspx 1n3
2017-12-27 "DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)" webapps aspx "Glafkos Charalambous"
2017-03-15 "Sitecore CMS 8.1 Update-3 - Cross-Site Scripting" webapps aspx "Pralhad Chaskar"
2017-01-17 "Check Box 2016 Q2 Survey - Multiple Vulnerabilities" webapps aspx "Fady Mohammed Osman"
2018-01-24 "Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload" webapps aspx "Paul Taylor"
2018-01-24 "Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure" webapps aspx "Paul Taylor"
2016-09-22 "Microix Timesheet Module - SQL Injection" webapps aspx "Anthony Cole"
2016-09-19 "MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities" webapps aspx "Paul Baade & Sven Krewitt"
2017-11-16 "LanSweeper 6.0.100.75 - Cross-Site Scripting" webapps aspx "Miguel Mendez Z"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47010/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/47010/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47010/41419/blogenginenet-336337-dirpath-directory-traversal-remote-code-execution/download/", "exploit_id": "47010", "exploit_description": "\"BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution\"", "exploit_date": "2019-06-19", "exploit_author": "\"Aaron Bishop\"", "exploit_type": "webapps", "exploit_platform": "aspx", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications including basic vulnerability identification.

Browse exploit APIBrowse