Security
Headlines
HeadlinesLatestCVEs

Tag

#asp.net

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

The Hacker News
Open in Source
#vulnerability#web#microsoft#git#backdoor#rce#auth#asp.net#The Hacker News
Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns

An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch.

CVE-2021-33224: Umbraco - the flexible open-source .NET (ASP.NET Core) CMS

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.

CVE-2022-39983: ​​Vulnerability Report - Instant Developer RD3 (CVE-2022-39983)

File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code.

Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

By Deeba Ahmed The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022. This is a post from HackRead.com Read the original post: Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

CVE-2023-24687: GitHub - i7MEDIA/mojoportal: mojoPortal is an extensible, cross database, mobile friendly, web content management system (CMS) and web application framework written in C# ASP.NET.

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.

CVE-2022-45297: GitHub - tlfyyds/EQ

EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

CVE-2022-45922: Multiple post-authentication vulnerabilities including RCE (OpenText™ Extended ECM)

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Kotlin app development company – How to choose

By Owais Sultan Find out what Kotlin app development will bring to your company, which global giants have already taken advantage… This is a post from HackRead.com Read the original post: Kotlin app development company – How to choose