2014-01-02 17:00:00
certcc
PUBLISHED
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.