Progress (organisation)

All CVEs

218 total · sorted by risk
  • CVE-2020-8983 · May 7, 2020
    risk 0.00 cvss epss 0.05

    An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access are granted to everything hosted by ShareFile,…

  • CVE-2020-11414 · Mar 31, 2020
    risk 0.00 cvss epss 0.01

    An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location…

  • CVE-2019-17392 · Nov 26, 2019
    risk 0.00 cvss epss 0.01

    Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

  • CVE-2017-18639 · Nov 6, 2019
    risk 0.00 cvss epss 0.01

    Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title,…

  • CVE-2019-12146 · Jun 11, 2019
    risk 0.00 cvss epss 0.04

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their…

  • CVE-2019-7215 · Jun 6, 2019
    risk 0.00 cvss epss 0.01

    Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account…

  • CVE-2014-2217 · Dec 25, 2014
    risk 0.00 cvss epss 0.04

    Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata…

  • CVE-2007-3491 · Jun 29, 2007
    risk 0.00 cvss epss 0.03

    Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.

  • CVE-2007-2602 · May 11, 2007
    risk 0.00 cvss epss 0.03

    Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with…

  • CVE-2007-2354 · Apr 30, 2007
    risk 0.00 cvss epss 0.02

    Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.

  • CVE-2007-2266 · Apr 25, 2007
    risk 0.00 cvss epss 0.02

    Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file…

  • CVE-2004-1885 · Dec 31, 2004
    risk 0.00 cvss epss 0.04

    Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.

  • CVE-2004-0799 · Oct 20, 2004
    risk 0.00 cvss epss 0.06

    The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".

  • CVE-2004-1884 · Mar 23, 2004
    risk 0.00 cvss epss 0.06

    Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

  • CVE-2003-0485 · Aug 7, 2003
    risk 0.00 cvss epss 0.01

    Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.

  • CVE-2001-1129 · Nov 2, 2001
    risk 0.00 cvss epss 0.00

    Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allow a local user to execute arbitrary code via format string specifiers in the file used by…

  • CVE-2001-1128 · Oct 8, 2001
    risk 0.00 cvss epss 0.01

    Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.

  • CVE-2000-0127 · Feb 3, 2000
    risk 0.00 cvss epss 0.04

    The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

Page 5 of 5