Vendor CVEs
Progress (organisation)
All CVEs
218 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8983 |  |  | 0.00 | — | 0.05 |  | May 7, 2020 | An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile,… |
| CVE-2020-11414 |  |  | 0.00 | — | 0.01 |  | Mar 31, 2020 | An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location… |
| CVE-2019-17392 |  |  | 0.00 | — | 0.01 |  | Nov 26, 2019 | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. |
| CVE-2017-18639 |  |  | 0.00 | — | 0.01 |  | Nov 6, 2019 | Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title,… |
| CVE-2019-12146 |  |  | 0.00 | — | 0.04 |  | Jun 11, 2019 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their… |
| CVE-2019-7215 |  |  | 0.00 | — | 0.01 |  | Jun 6, 2019 | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account… |
| CVE-2014-2217 |  |  | 0.00 | — | 0.04 |  | Dec 25, 2014 | Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata… |
| CVE-2007-3491 |  |  | 0.00 | — | 0.03 |  | Jun 29, 2007 | Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. |
| CVE-2007-2602 |  |  | 0.00 | — | 0.03 |  | May 11, 2007 | Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with… |
| CVE-2007-2354 |  |  | 0.00 | — | 0.02 |  | Apr 30, 2007 | Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. |
| CVE-2007-2266 |  |  | 0.00 | — | 0.02 |  | Apr 25, 2007 | Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file… |
| CVE-2004-1885 |  |  | 0.00 | — | 0.04 |  | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. |
| CVE-2004-0799 |  |  | 0.00 | — | 0.06 |  | Oct 20, 2004 | The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". |
| CVE-2004-1884 |  |  | 0.00 | — | 0.06 |  | Mar 23, 2004 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. |
| CVE-2003-0485 |  |  | 0.00 | — | 0.01 |  | Aug 7, 2003 | Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type. |
| CVE-2001-1129 |  |  | 0.00 | — | 0.00 |  | Nov 2, 2001 | Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by… |
| CVE-2001-1128 |  |  | 0.00 | — | 0.01 |  | Oct 8, 2001 | Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. |
| CVE-2000-0127 |  |  | 0.00 | — | 0.04 |  | Feb 3, 2000 | The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. |
Page 5 of 5