Filtered by vendor Progress
Subscribe
Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0826 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2024-11-20 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2024-11-20 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2024-11-20 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1021 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | |||||
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2024-11-20 | 7.5 HIGH | N/A |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | |||||
| CVE-1999-1171 | 2 Ipswitch, Progress | 2 Imail, Ipswitch Ws Ftp Server | 2024-11-20 | 4.6 MEDIUM | N/A |
| IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ipswitch Ws Ftp Server | 2024-11-20 | 4.6 MEDIUM | N/A |
| IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-2024-1212 | 1 Progress | 1 Loadmaster | 2024-11-19 | N/A | 9.8 CRITICAL |
| Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | |||||
| CVE-2024-8049 | 1 Progress | 1 Telerik Document Processing Libraries | 2024-11-18 | N/A | 6.5 MEDIUM |
| In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | |||||
| CVE-2024-7295 | 1 Progress | 1 Telerik Report Server | 2024-11-18 | N/A | 6.2 MEDIUM |
| In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | |||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | N/A | 7.5 HIGH |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | |||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-10-17 | N/A | 7.8 HIGH |
| In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | |||||
| CVE-2023-6595 | 1 Progress | 1 Whatsup Gold | 2024-10-16 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. | |||||
| CVE-2023-6368 | 1 Progress | 1 Whatsup Gold | 2024-10-16 | N/A | 5.3 MEDIUM |
| In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | |||||
| CVE-2024-8048 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 7.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | |||||
| CVE-2024-8015 | 1 Progress | 1 Telerik Report Server | 2024-10-15 | N/A | 7.2 HIGH |
| In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-8014 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 8.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-7840 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 7.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2024-7294 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 6.5 MEDIUM |
| In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | |||||