Filtered by vendor Progress
Subscribe
Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9248 | 2 Progress, Telerik | 2 Sitefinity, Ui For Asp.net Ajax | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | |||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
| CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | |||||
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | |||||
| CVE-2015-6005 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 3.5 LOW | 6.9 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | |||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
| CVE-2014-8555 | 1 Progress | 1 Openedge | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
| CVE-2012-4344 | 1 Progress | 1 Whatsup Gold | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. | |||||
| CVE-2012-2601 | 1 Progress | 1 Whatsup Gold | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||||
| CVE-2007-2602 | 1 Progress | 1 Whatsup Gold | 2025-04-09 | 7.8 HIGH | N/A |
| Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. | |||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2025-04-09 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | |||||
| CVE-2006-5001 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | |||||
| CVE-2008-0590 | 1 Progress | 1 Ws Ftp Server | 2025-04-09 | 9.0 HIGH | N/A |
| Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. | |||||
| CVE-2007-2506 | 1 Progress | 2 Progress, Webspeed | 2025-04-09 | 7.8 HIGH | N/A |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | |||||
| CVE-2007-2417 | 2 Progress, Rsa | 4 Openedge, Progress, Ace Server and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. | |||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | |||||
| CVE-2007-2266 | 1 Progress | 1 Webspeed Messenger | 2025-04-09 | 10.0 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | |||||
| CVE-2006-5000 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | |||||