DotNetNuke 漏洞列表

共找到 8 个与 DotNetNuke 相关的漏洞

📅 加载漏洞趋势中...

CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure POC

日期: 2025-09-01 | 影响软件: DNN DotNetNuke

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1. shodan-query: - "Set-Cookie: dnn_IsMobile" - http.favicon.hash:-1465479343 fofa-query: - app="dotnetnuke" - "Set-Cookie: dnn_IsMobile" - icon_hash="-1465479343"
CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass POC

日期: 2025-08-01 | 影响软件: DotNetNuke

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery POC

日期: 2025-08-01 | 影响软件: DotNetNuke

DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution POC

日期: 2025-08-01 | 影响软件: DotNetNuke

DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution.
CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure POC

日期: 2025-08-01 | 影响软件: DNN DotNetNuke

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
DotNetNuke Install界面未授权访问(CVE-2015-2794) 无POC

日期: 2024-01-16 | 影响软件: DotNetNuke

DotNetNuke（DNN）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。DNN 7.4.1之前的版本中的installationwizard存在安全漏洞。远程攻击者可通过向Install/InstallWizard.aspx文件发送直接请求利用该漏洞重新安装应用程序，并获取SuperUser访问权限
DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞无POC

日期: 2023-03-21 | 影响软件: DotNetNuke

DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞
DotNetNuke 输入验证错误漏洞无POC

日期: 2017-07-20 | 影响软件: DotNetNuke

DNN（又名DotNetNuke）是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统（CMS）。该系统具有易于安装、可扩展、功能丰富等特点。 DotNetNuke 9.1.1之前版本中存在输入验证错误漏洞。远程攻击者可利用该漏洞执行代码。

CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure POC

CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass POC

CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery POC

CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution POC

CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure POC

DotNetNuke Install界面未授权访问(CVE-2015-2794) 无POC

DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞 无POC

DotNetNuke 输入验证错误漏洞 无POC

DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞无POC

DotNetNuke 输入验证错误漏洞无POC