Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for blogengine.net by dotnetblogengine
CVE-2019-10717 (GCVE-0-2019-10717)
Vulnerability from cvelistv5 – Published: 2019-07-03 15:40 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rxtur/BlogEngine.NET/commits/master | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jun/44 | mailing-listx_refsource_FULLDISC |
| https://www.securitymetrics.com/blog/Blogenginene… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T15:40:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rxtur/BlogEngine.NET/commits/master",
"refsource": "MISC",
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"name": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10717",
"datePublished": "2019-07-03T15:40:20.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:00.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10721 (GCVE-0-2019-10721)
Vulnerability from cvelistv5 – Published: 2019-07-03 15:23 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rxtur/BlogEngine.NET/commits/master | x_refsource_MISC |
| https://www.securitymetrics.com/blog/Blogenginene… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T15:23:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rxtur/BlogEngine.NET/commits/master",
"refsource": "MISC",
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10721",
"datePublished": "2019-07-03T15:23:03.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:01.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10718 (GCVE-0-2019-10718)
Vulnerability from cvelistv5 – Published: 2019-06-21 18:23 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/153364/BlogE… | x_refsource_MISC |
| https://www.securitymetrics.com/blog/blogenginene… | x_refsource_MISC |
Date Public
2019-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:23:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"name": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10718",
"datePublished": "2019-06-21T18:23:15.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:01.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11392 (GCVE-0-2019-11392)
Vulnerability from cvelistv5 – Published: 2019-06-21 18:22 – Updated: 2024-08-04 22:55
VLAI
Summary
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/blogenginene… | x_refsource_MISC |
Date Public
2019-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:22:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11392",
"datePublished": "2019-06-21T18:22:20.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:39.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10719 (GCVE-0-2019-10719)
Vulnerability from cvelistv5 – Published: 2019-06-21 18:11 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Jun/26 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/153347/BlogE… | x_refsource_MISC |
| https://www.securitymetrics.com/blog/BlogEngineNE… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:17:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"name": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"name": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10719",
"datePublished": "2019-06-21T18:11:57.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:00.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6953 (GCVE-0-2013-6953)
Vulnerability from cvelistv5 – Published: 2014-01-02 17:00 – Updated: 2024-08-06 17:53
VLAI
Summary
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/553166 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2013-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#553166",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/553166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T17:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#553166",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/553166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-6953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#553166",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/553166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-6953",
"datePublished": "2014-01-02T17:00:00.000Z",
"dateReserved": "2013-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6476 (GCVE-0-2008-6476)
Vulnerability from cvelistv5 – Published: 2009-03-16 16:00 – Updated: 2024-08-07 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34227 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/ref/44/blogengine-search-xss.txt | x_refsource_MISC |
| http://osvdb.org/44290 | vdb-entryx_refsource_OSVDB |
Date Public
2008-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:46.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"name": "http://osvdb.org/ref/44/blogengine-search-xss.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"refsource": "OSVDB",
"url": "http://osvdb.org/44290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6476",
"datePublished": "2009-03-16T16:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:46.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10717 (GCVE-0-2019-10717)
Vulnerability from nvd – Published: 2019-07-03 15:40 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/rxtur/BlogEngine.NET/commits/master | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jun/44 | mailing-listx_refsource_FULLDISC |
| https://www.securitymetrics.com/blog/Blogenginene… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T15:40:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rxtur/BlogEngine.NET/commits/master",
"refsource": "MISC",
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "20190624 BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/44"
},
{
"name": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10717",
"datePublished": "2019-07-03T15:40:20.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:00.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10721 (GCVE-0-2019-10721)
Vulnerability from nvd – Published: 2019-07-03 15:23 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rxtur/BlogEngine.NET/commits/master | x_refsource_MISC |
| https://www.securitymetrics.com/blog/Blogenginene… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T15:23:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rxtur/BlogEngine.NET/commits/master",
"refsource": "MISC",
"url": "https://github.com/rxtur/BlogEngine.NET/commits/master"
},
{
"name": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10721",
"datePublished": "2019-07-03T15:23:03.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:01.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10718 (GCVE-0-2019-10718)
Vulnerability from nvd – Published: 2019-06-21 18:23 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/153364/BlogE… | x_refsource_MISC |
| https://www.securitymetrics.com/blog/blogenginene… | x_refsource_MISC |
Date Public
2019-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:23:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html"
},
{
"name": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10718",
"datePublished": "2019-06-21T18:23:15.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:01.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11392 (GCVE-0-2019-11392)
Vulnerability from nvd – Published: 2019-06-21 18:22 – Updated: 2024-08-04 22:55
VLAI
Summary
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.securitymetrics.com/blog/blogenginene… | x_refsource_MISC |
Date Public
2019-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:22:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11392",
"datePublished": "2019-06-21T18:22:20.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:39.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10719 (GCVE-0-2019-10719)
Vulnerability from nvd – Published: 2019-06-21 18:11 – Updated: 2024-08-04 22:32
VLAI
Summary
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2019/Jun/26 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/153347/BlogE… | x_refsource_MISC |
| https://www.securitymetrics.com/blog/BlogEngineNE… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-21T18:17:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190618 BlogEngine.NET Directory traversal + RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/26"
},
{
"name": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153347/BlogEngine.NET-3.3.6-3.3.7-dirPath-Directory-Traversal-Remote-Code-Execution.html"
},
{
"name": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720",
"refsource": "MISC",
"url": "https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10719",
"datePublished": "2019-06-21T18:11:57.000Z",
"dateReserved": "2019-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:32:00.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6953 (GCVE-0-2013-6953)
Vulnerability from nvd – Published: 2014-01-02 17:00 – Updated: 2024-08-06 17:53
VLAI
Summary
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/553166 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2013-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#553166",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/553166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T17:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#553166",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/553166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-6953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#553166",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/553166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-6953",
"datePublished": "2014-01-02T17:00:00.000Z",
"dateReserved": "2013-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6476 (GCVE-0-2008-6476)
Vulnerability from nvd – Published: 2009-03-16 16:00 – Updated: 2024-08-07 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34227 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/ref/44/blogengine-search-xss.txt | x_refsource_MISC |
| http://osvdb.org/44290 | vdb-entryx_refsource_OSVDB |
Date Public
2008-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:46.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34227"
},
{
"name": "blogengine-search-xss(49307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49307"
},
{
"name": "http://osvdb.org/ref/44/blogengine-search-xss.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/44/blogengine-search-xss.txt"
},
{
"name": "44290",
"refsource": "OSVDB",
"url": "http://osvdb.org/44290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6476",
"datePublished": "2009-03-16T16:00:00.000Z",
"dateReserved": "2009-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:46.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}