Security
Headlines
HeadlinesLatestCVEs

Tag

#asp.net

CVE-2022-27498: TALOS-2022-1531 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#windows#microsoft#cisco#js#intel#auth#firefox#asp.net
CVE-2022-29517: TALOS-2022-1529 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-29511: TALOS-2022-1530 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-28703: TALOS-2022-1532 || Cisco Talos Intelligence Group

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-32573: TALOS-2022-1528 || Cisco Talos Intelligence Group

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-32763: TALOS-2022-1541 || Cisco Talos Intelligence Group

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-4277: Vulnerability/SQL injection exists in the background management system Default of Shaoxing Punctuation Electronic Technology Co., LTD.md at main · Peanut886/Vulnerability

A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.

Microsoft Office Online Server open to SSRF-to-RCE exploit

Behavior functioning as intended, Microsoft reportedly says, and offers mitigation advice instead

CVE-2022-33077: Free and open-source eCommerce platform. ASP.NET Core based shopping cart.

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.

CVE-2022-41479: DevExpress/ASP.NET_Web_Forms_Build_19.2.3 at main · IthacaLabs/DevExpress

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code.