Jon Park - Security Researcher - Exploit Intelligence Platform

CVE-2018-18326 METASPLOIT HIGH ruby WORKING POC

DNN 9.2-9.2.2 - Info Disclosure

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

CVSS 7.5

View Code

CVE-2017-9822 METASPLOIT HIGH ruby WORKING POC

DNN <9.1.1 - RCE

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

CVSS 8.8

View Code

CVE-2018-18325 METASPLOIT HIGH ruby WORKING POC

Dnnsoftware Dotnetnuke < 9.2.2 - Weak Encryption

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

CVSS 7.5

View Code

CVE-2018-15811 METASPLOIT HIGH ruby WORKING POC

Dnnsoftware Dotnetnuke < 9.2.1 - Weak Encryption

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVSS 7.5

View Code

CVE-2017-9822 EXPLOITDB HIGH ruby WORKING POC

DNN <9.1.1 - RCE

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

CVSS 8.8

View Code

CVE-2018-15811 EXPLOITDB HIGH ruby WORKING POC

Dnnsoftware Dotnetnuke < 9.2.1 - Weak Encryption

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVSS 7.5

View Code

CVE-2018-15812 EXPLOITDB HIGH ruby WORKING POC

DotNetNuke Cookie Deserialization Remote Code Excecution

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CVSS 7.5

View Code

CVE-2018-18325 EXPLOITDB HIGH ruby WORKING POC

Dnnsoftware Dotnetnuke < 9.2.2 - Weak Encryption

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

CVSS 7.5

View Code

CVE-2018-15812 METASPLOIT HIGH ruby WORKING POC

DotNetNuke Cookie Deserialization Remote Code Excecution

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CVSS 7.5

View Code

CVE-2018-18326 EXPLOITDB HIGH ruby WORKING POC

DNN 9.2-9.2.2 - Info Disclosure

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

CVSS 7.5

View Code