Subscribe via feed.

Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution

Posted by deepcore on March 4, 2017 – 10:33 pm

Ektron versions 8.5, 8.7 equal to and below sp1, and 9.0 before sp1 have vulnerabilities in various operations within the ServerControlWS.asmxweb services. These vulnerabilities allow for remote code execution without authentication and execute in the context of IIS on the remote system.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.