ASP.NET Core Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.

SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.