29 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html https://www.openwall.com/lists/oss-security/2023/01/05/1 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. MonoX versiones anteriores a la versión 5.1.40.5152, permite a administradores ejecutar código arbitrario al modificar una plantilla ASPX. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20Template%20Modification • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. MonoX versiones anteriores a 5.1.40.5152, permite una ejecución de código remota por medio de los archivos HTML5Upload.ashx o Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx debido a una deserialización en ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload y SilverLightUploadHandler. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Remote%20Code%20Execution%20via%20Insecure%20Deserialization • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. MonoX versiones anteriores a 5.1.40.5152, permite un ataque de tipo XSS almacenado por medio de User Status, Blog Comments, o Blog Description. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Multiple%20Cross-Site-Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. MonoX versiones anteriores a la versión 5.1.40.5152, permite a los administradores ejecutar programas arbitrarios al reconfigurar el ajuste de Converter Executable del archivo ffmpeg.exe a un programa diferente. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20ConvertVideo •