"Name","Status","Description","References","Phase","Votes", CVE-2004-2323;Candidate;DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3749 | URL:http://www.osvdb.org/3749 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-get-information-disclosure(14972) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14972;Assigned (20050816);None (candidate not yet proposed) CVE-2004-2324;Candidate;SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3750 | URL:http://www.osvdb.org/3750 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-multiple-sql-injection(14973) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14973;Assigned (20050816);None (candidate not yet proposed) CVE-2004-2325;Candidate;Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.;BID:9518 | URL:http://www.securityfocus.com/bid/9518 | FULLDISC:20040128 Dotnetnuke Multiple Vulnerabilities | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html | OSVDB:3751 | URL:http://www.osvdb.org/3751 | SECUNIA:10747 | URL:http://secunia.com/advisories/10747 | XF:dotnetnuke-editmoduleaspxxss(14974) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14974;Assigned (20050816);None (candidate not yet proposed) CVE-2004-2699;Candidate;deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.;BID:10506 | URL:http://www.securityfocus.com/bid/10506 | BUGTRAQ:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation | URL:http://www.securityfocus.com/archive/1/365559 | FULLDISC:20040609 Advisory: ASPDOTNETSTOREFRONT Improper Session Validation | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0235.html | OSVDB:6958 | URL:http://www.osvdb.org/6958 | SECUNIA:11839 | URL:http://secunia.com/advisories/11839 | SREASON:3206 | URL:http://securityreason.com/securityalert/3206 | XF:aspdotnetstorefront-improper-validation(16377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16377;Assigned (20071006);None (candidate not yet proposed) CVE-2004-2700;Candidate;Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.;FULLDISC:20040609 ASPDOTNETSTOREFRONT ASPDOTNETSTOREFRONT Improper Upload Validation | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0230.html | OSVDB:6959 | URL:http://www.osvdb.org/6959 | SECUNIA:11839 | URL:http://secunia.com/advisories/11839;Assigned (20071006);None (candidate not yet proposed) CVE-2004-2701;Candidate;Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.;BID:10507 | URL:http://www.securityfocus.com/bid/10507 | BUGTRAQ:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html | FULLDISC:20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html | SECUNIA:11839 | URL:http://secunia.com/advisories/11839 | XF:aspdotnetstorefront-signin-xss(16426) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16426;Assigned (20071006);None (candidate not yet proposed) CVE-2005-0040;Candidate;Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.;BID:13644 | URL:http://www.securityfocus.com/bid/13644 | BID:13646 | URL:http://www.securityfocus.com/bid/13646 | BID:13647 | URL:http://www.securityfocus.com/bid/13647 | BUGTRAQ:20050516 DotNetNuke (Multiple XSS) | URL:http://marc.info/?l=bugtraq&m=111627180518591&w=2 | MISC:http://www.woany.co.uk/advisories/dotnetnukexss.txt | SECUNIA:15397 | URL:http://secunia.com/advisories/15397;Assigned (20050107);None (candidate not yet proposed) CVE-2006-1415;Candidate;Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.;BID:17246 | URL:http://www.securityfocus.com/bid/17246 | MISC:http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html | OSVDB:24122 | URL:http://www.osvdb.org/24122 | SECUNIA:19398 | URL:http://secunia.com/advisories/19398 | VUPEN:ADV-2006-1098 | URL:http://www.vupen.com/english/advisories/2006/1098 | XF:dotnetbb-iforget-xss(25462) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/25462;Assigned (20060328);None (candidate not yet proposed) CVE-2006-3601;Candidate;** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.;BID:18522 | URL:http://www.securityfocus.com/bid/18522 | MISC:http://www.zone-h.org/content/view/4770/31/ | SECTRACK:1016332 | URL:http://securitytracker.com/id?1016332;Assigned (20060714);None (candidate not yet proposed) CVE-2006-4973;Candidate;Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.;BID:20117 | URL:http://www.securityfocus.com/bid/20117 | CONFIRM:http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx | MISC:http://www.secureshapes.com/advisories/vuln20-09-2006.htm | SECUNIA:22051 | URL:http://secunia.com/advisories/22051 | VUPEN:ADV-2006-3734 | URL:http://www.vupen.com/english/advisories/2006/3734 | XF:dotnetnuke-default-xss(29048) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29048;Assigned (20060924);None (candidate not yet proposed) CVE-2007-0660;Candidate;"Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to ""Pass through values.""";BID:22334 | URL:http://www.securityfocus.com/bid/22334 | CONFIRM:http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 | OSVDB:36476 | URL:http://osvdb.org/36476 | VUPEN:ADV-2007-0433 | URL:http://www.vupen.com/english/advisories/2007/0433 | XF:dotnetnuke-iframe-unspecified-xss(32037) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32037;Assigned (20070201);None (candidate not yet proposed) CVE-2008-6399;Candidate;"Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to ""add additional roles to their user account"" via unknown attack vectors.";BID:33109 | URL:http://www.securityfocus.com/bid/33109 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspx | OSVDB:51141 | URL:http://osvdb.org/51141 | SECUNIA:33401 | URL:http://secunia.com/advisories/33401;Assigned (20090305);None (candidate not yet proposed) CVE-2008-6540;Candidate;DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.;BID:28391 | URL:http://www.securityfocus.com/bid/28391 | BUGTRAQ:20080321 DotNetNuke Default Machine Key Exposure | URL:http://www.securityfocus.com/archive/1/489957/100/0/threaded | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspx | OSVDB:43720 | URL:http://osvdb.org/43720 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488 | XF:dotnetnuke-webconfig-weak-security(41399) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41399;Assigned (20090329);None (candidate not yet proposed) CVE-2008-6541;Candidate;Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.;BID:28438 | URL:http://www.securityfocus.com/bid/28438 | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspx | OSVDB:43719 | URL:http://osvdb.org/43719 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488;Assigned (20090329);None (candidate not yet proposed) CVE-2008-6542;Candidate;"Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform ""server-side execution of application logic"" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.";BID:28438 | URL:http://www.securityfocus.com/bid/28438 | CONFIRM:http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx | OSVDB:43721 | URL:http://osvdb.org/43721 | SECUNIA:29488 | URL:http://secunia.com/advisories/29488 | XF:dotnetnuke-skinmanager-unspecified(49767) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49767;Assigned (20090329);None (candidate not yet proposed) CVE-2008-6644;Candidate;Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.;BID:29437 | URL:http://www.securityfocus.com/bid/29437 | BUGTRAQ:20080530 Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability | URL:http://www.securityfocus.com/archive/1/492793/100/0/threaded | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno19/tabid/1166/Default.aspx | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-pathinfo-xss(42752) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42752;Assigned (20090406);None (candidate not yet proposed) CVE-2008-6732;Candidate;"Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via ""newly generated paths.""";BID:29686 | URL:http://www.securityfocus.com/bid/29686 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx | OSVDB:46322 | URL:http://www.osvdb.org/46322 | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-lso-xss(43030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43030;Assigned (20090421);None (candidate not yet proposed) CVE-2008-6733;Candidate;Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.;BID:29686 | URL:http://www.securityfocus.com/bid/29686 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx | OSVDB:46323 | URL:http://www.osvdb.org/46323 | SECUNIA:30617 | URL:http://secunia.com/advisories/30617 | XF:dotnetnuke-errorpage-xss(43026) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43026;Assigned (20090421);None (candidate not yet proposed) CVE-2008-7100;Candidate;"Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a ""unique id"" for user actions and improper validation of a ""user identity.""";BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx | OSVDB:48343 | URL:http://osvdb.org/48343 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-identity-auth-bypass(45081) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45081;Assigned (20090827);None (candidate not yet proposed) CVE-2008-7101;Candidate;Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors.;BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno22/tabid/1175/Default.aspx | OSVDB:48344 | URL:http://osvdb.org/48344 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-installwizard-info-disclosure(45080) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45080;Assigned (20090827);None (candidate not yet proposed) CVE-2008-7102;Candidate;DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.;BID:31145 | URL:http://www.securityfocus.com/bid/31145 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx | OSVDB:48345 | URL:http://osvdb.org/48345 | SECUNIA:31893 | URL:http://secunia.com/advisories/31893 | XF:dotnetnuke-skinfiles-security-bypass(45077) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45077;Assigned (20090827);None (candidate not yet proposed) CVE-2009-1366;Candidate;"Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to ""name/value pairs"" and ""paypal IPN functionality.""";BID:34484 | URL:http://www.securityfocus.com/bid/34484 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno25/tabid/1260/Default.aspx | SECUNIA:34686 | URL:http://secunia.com/advisories/34686;Assigned (20090422);None (candidate not yet proposed) CVE-2009-4109;Candidate;The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.;BID:37139 | URL:http://www.securityfocus.com/bid/37139 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx | OSVDB:60520 | URL:http://osvdb.org/60520 | SECUNIA:37480 | URL:http://secunia.com/advisories/37480;Assigned (20091128);None (candidate not yet proposed) CVE-2009-4110;Candidate;Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.;BID:37139 | URL:http://www.securityfocus.com/bid/37139 | CONFIRM:http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx | OSVDB:60519 | URL:http://osvdb.org/60519 | SECUNIA:37480 | URL:http://secunia.com/advisories/37480 | XF:dotnetnuke-search-xss(54453) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54453;Assigned (20091128);None (candidate not yet proposed) CVE-2010-4514;Candidate;Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.;BID:45180 | URL:http://www.securityfocus.com/bid/45180 | MISC:http://packetstormsecurity.org/files/view/96378/PR10-19.txt | MISC:http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19 | SECTRACK:1024828 | URL:http://www.securitytracker.com/id?1024828 | SECUNIA:42478 | URL:http://secunia.com/advisories/42478;Assigned (20101209);None (candidate not yet proposed) CVE-2011-4153;Candidate;PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.;BUGTRAQ:20120114 PHP 5.3.8 Multiple vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html | EXPLOIT-DB:18370 | URL:http://www.exploit-db.com/exploits/18370/ | HP:HPSBMU02786 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | HP:HPSBUX02791 | URL:http://marc.info/?l=bugtraq&m=134012830914727&w=2 | HP:SSRT100856 | URL:http://marc.info/?l=bugtraq&m=134012830914727&w=2 | HP:SSRT100877 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | MISC:http://cxsecurity.com/research/103 | SECUNIA:48668 | URL:http://secunia.com/advisories/48668 | SUSE:SUSE-SU-2012:0411 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html | SUSE:SUSE-SU-2012:0472 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html | SUSE:openSUSE-SU-2012:0426 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html;Assigned (20111021);None (candidate not yet proposed) CVE-2011-4741;Candidate;The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.;MISC:http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html | XF:plesk-database-info-disclosure(72318) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/72318;Assigned (20111211);None (candidate not yet proposed) CVE-2012-1030;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.;CONFIRM:http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr12-003;Assigned (20120207);None (candidate not yet proposed) CVE-2012-1036;Candidate;Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.;CONFIRM:http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr12-002;Assigned (20120208);None (candidate not yet proposed) CVE-2013-3943;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.;BID:61809 | URL:http://www.securityfocus.com/bid/61809 | CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:53493 | URL:http://secunia.com/advisories/53493;Assigned (20130604);None (candidate not yet proposed) CVE-2013-4649;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.;CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | MISC:http://packetstormsecurity.com/files/122792/DotNetNuke-DNN-7.1.0-6.2.8-Cross-Site-Scripting.html | SECUNIA:53493 | URL:http://secunia.com/advisories/53493 | XF:dotnetnuke-cve20134649-dnnvariable-xss(86432) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/86432;Assigned (20130624);None (candidate not yet proposed) CVE-2013-5117;Candidate;SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.;BID:61788 | URL:http://www.securityfocus.com/bid/61788 | CONFIRM:http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx | EXPLOIT-DB:27602 | URL:http://www.exploit-db.com/exploits/27602 | FULLDISC:20130902 DotNetNuke (DNNArticle Module) SQL Injection Vulnerability | URL:http://seclists.org/fulldisclosure/2013/Sep/9 | OSVDB:96306 | URL:http://osvdb.org/96306;Assigned (20130813);None (candidate not yet proposed) CVE-2013-7335;Candidate;Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.;BID:61809 | URL:http://www.securityfocus.com/bid/61809 | CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:53493 | URL:http://secunia.com/advisories/53493;Assigned (20140312);None (candidate not yet proposed) CVE-2015-1566;Candidate;Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.;CONFIRM:http://www.dnnsoftware.com/platform/manage/security-center | SECUNIA:62832 | URL:http://secunia.com/advisories/62832;Assigned (20150209);None (candidate not yet proposed) CVE-2015-2794;Candidate;The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.;BID:96373 | URL:http://www.securityfocus.com/bid/96373 | CONFIRM:http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue | CONFIRM:http://www.dnnsoftware.com/community/security/security-center | CONFIRM:https://dotnetnuke.codeplex.com/releases/view/615317 | EXPLOIT-DB:39777 | URL:https://www.exploit-db.com/exploits/39777/;Assigned (20150330);None (candidate not yet proposed) CVE-2016-7119;Candidate;Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.;BID:92719 | URL:http://www.securityfocus.com/bid/92719 | CONFIRM:http://www.dnnsoftware.com/community/security/security-center;Assigned (20160831);None (candidate not yet proposed) CVE-2017-0929;Candidate;DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.;MISC:https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3;Assigned (20161130);None (candidate not yet proposed) CVE-2017-9822;Candidate;"DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka ""2017-08 (Critical) Possible remote code execution on DNN sites.""";BID:102213 | URL:http://www.securityfocus.com/bid/102213 | CONFIRM:http://www.dnnsoftware.com/community/security/security-center | MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html;Assigned (20170622);None (candidate not yet proposed) CVE-2018-1000210;Candidate;"YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line ""currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);"" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.";CONFIRM:https://github.com/aaubry/YamlDotNet#version-500 | CONFIRM:https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35;Assigned (20180713);None (candidate not yet proposed) CVE-2018-1002205;Candidate;DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.;CONFIRM:https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366 | CONFIRM:https://github.com/haf/DotNetZip.Semverd/pull/121 | MISC:https://github.com/snyk/zip-slip-vulnerability | MISC:https://snyk.io/research/zip-slip-vulnerability | MISC:https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245;Assigned (20180725);None (candidate not yet proposed) CVE-2018-10138;Candidate;The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.;MISC:https://cxsecurity.com/issue/WLB-2018040120;Assigned (20180416);None (candidate not yet proposed) CVE-2018-14486;Candidate;DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.;MISC:http://packetstormsecurity.com/files/151304/DNN-9.1-XML-Related-Cross-Site-Scripting.html | MISC:http://www.dnnsoftware.com/community/security/security-center;Assigned (20180720);None (candidate not yet proposed) CVE-2018-15811;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20180823);None (candidate not yet proposed) CVE-2018-15812;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20180823);None (candidate not yet proposed) CVE-2018-18325;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20181015);None (candidate not yet proposed) CVE-2018-18326;Candidate;DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.;MISC:http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20181015);None (candidate not yet proposed) CVE-2018-19395;Candidate;"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(""WScript.Shell"").";BID:105989 | URL:http://www.securityfocus.com/bid/105989 | CONFIRM:https://security.netapp.com/advisory/ntap-20181221-0005/ | MISC:https://bugs.php.net/bug.php?id=77177;Assigned (20181120);None (candidate not yet proposed) CVE-2018-19396;Candidate;ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.;BID:105989 | URL:http://www.securityfocus.com/bid/105989 | CONFIRM:https://security.netapp.com/advisory/ntap-20181221-0005/ | MISC:https://bugs.php.net/bug.php?id=77177;Assigned (20181120);None (candidate not yet proposed) CVE-2018-9126;Candidate;The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.;EXPLOIT-DB:44414 | URL:https://www.exploit-db.com/exploits/44414/ | MISC:http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html;Assigned (20180329);None (candidate not yet proposed) CVE-2019-12562;Candidate;Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting.;MISC:http://packetstormsecurity.com/files/154673/DotNetNuke-Cross-Site-Scripting.html | MISC:https://mayaseven.com/cve-2019-12562-stored-cross-site-scripting-in-dotnetnuke-dnn-version-v9-3-2/;Assigned (20190602);None (candidate not yet proposed) CVE-2019-13355;Candidate;In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.;MISC:https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/Local%20Privilege%20Escalation/v9.0.0.773 | MISC:https://www.totaldefense.com/security-blog;Assigned (20190705);None (candidate not yet proposed) CVE-2019-19392;Candidate;"The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles=""Administrators"" in XML or CSV data.";MISC:https://blog.joaoorvalho.com/description-cve-2019-19392/ | MISC:https://github.com/fordnn/usersexportimport/commits/master;Assigned (20191129);None (candidate not yet proposed) CVE-2020-11585;Candidate;There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter.;MISC:https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure/;Assigned (20200406);None (candidate not yet proposed) CVE-2020-27385;Candidate;Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\ in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\). The files can then be edited via the FileEditor.;MISC:https://blog.vonahi.io/whats-in-a-re-name/ | MISC:https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11;Assigned (20201021);None (candidate not yet proposed) CVE-2020-27386;Candidate;An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /.;MISC:http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html | MISC:https://blog.vonahi.io/whats-in-a-re-name/ | MISC:https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9 | MISC:https://github.com/rapid7/metasploit-framework/pull/14339;Assigned (20201021);None (candidate not yet proposed) CVE-2020-5186;Candidate;DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).;MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175 | MISC:https://packetstormsecurity.com/files/156483/DotNetNuke-CMS-9.5.0-Cross-Site-Scripting.html;Assigned (20200101);None (candidate not yet proposed) CVE-2020-5187;Candidate;DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).;MISC:http://packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175;Assigned (20200101);None (candidate not yet proposed) CVE-2020-5188;Candidate;DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.;MISC:http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html | MISC:https://github.com/dnnsoftware/Dnn.Platform/releases | MISC:https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175;Assigned (20200101);None (candidate not yet proposed) CVE-2021-31858;Candidate;DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.;MISC:https://labs.integrity.pt/advisories/cve-2021-31858/ | MISC:https://www.dnnsoftware.com/community/security/security-center;Assigned (20210428);None (candidate not yet proposed) CVE-2021-40186;Candidate;The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.;MISC:https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186 | URL:https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186;Assigned (20210829);None (candidate not yet proposed) CVE-2021-43569;Candidate;The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.;MISC:https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 | URL:https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2 | MISC:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ | URL:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/;Assigned (20211109);None (candidate not yet proposed) CVE-2021-44150;Candidate;The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.;MISC:https://github.com/tusdotnet/tusdotnet/issues/157;Assigned (20211122);None (candidate not yet proposed) CVE-2022-47053;Candidate;An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.;MISC:https://www.dnnsoftware.com/community/security/security-center | MISC:https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager;Assigned (20221212);None (candidate not yet proposed) CVE-2024-23838;Candidate;TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.;MISC:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e | URL:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e | MISC:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh | URL:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh;Assigned (20240122);None (candidate not yet proposed)