Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotnetnuke vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
445
VMScore
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Dnnsoftware Dotnetnuke
445
VMScore
CVE-2018-18325
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Dnnsoftware Dotnetnuke
445
VMScore
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
384
VMScore
CVE-2018-14486
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
Dnnsoftware Dotnetnuke 9.1.1
446
VMScore
CVE-2017-0929
DNN (aka DotNetNuke) prior to 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
Dnnsoftware Dotnetnuke
383
VMScore
CVE-2018-10138
The CATALooK.netStore module up to and including 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.
Catalooksupport .netstore
505
VMScore
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote malicious users to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
Zldnn Dnnarticle 11
1 EDB exploit
1 Github repository
582
VMScore
CVE-2017-9822
DNN (aka DotNetNuke) prior to 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Dnnsoftware Dotnetnuke
13 Github repositories
756
VMScore
CVE-2015-2794
The installation wizard in DotNetNuke (DNN) prior to 7.4.1 allows remote malicious users to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
Dotnetnuke Dotnetnuke
1 EDB exploit
5 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »