Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2018-5778 | SQL Injection vulnerability in Progress Whatsup Gold An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). | 9.8 |
| 2018-01-24 | CVE-2018-5777 | Unspecified vulnerability in Progress Whatsup Gold An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). | 9.8 |
| 2018-01-08 | CVE-2017-15883 | Improper Authentication vulnerability in Progress Sitefinity Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | 9.8 |
| 2017-10-31 | CVE-2015-9245 | Improper Access Control vulnerability in Progress Openedge Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | 9.8 |
| 2017-07-17 | CVE-2017-1000026 | Path Traversal vulnerability in Progress Mixlib-Archive 0.1.0/0.2.0/0.3.0 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 7.5 |
| 2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in multiple products Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 9.8 |
| 2017-05-22 | CVE-2017-9140 | Cross-site Scripting vulnerability in Progress Sitefinity CMS and Telerik Reporting Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | 6.1 |
| 2016-10-06 | CVE-2016-1000000 | SQL Injection vulnerability in Progress Whatsup Gold Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | 8.8 |
| 2016-01-08 | CVE-2015-8261 | SQL Injection vulnerability in Progress Whatsup Gold 16.3 The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | 9.8 |
| 2015-12-27 | CVE-2015-6005 | Cross-site Scripting vulnerability in Progress Whatsup Gold Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | 6.9 |