Vulnerabilities > Progress > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2018-5778 | SQL Injection vulnerability in Progress Whatsup Gold An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). | 9.8 |
| 2018-01-24 | CVE-2018-5777 | Unspecified vulnerability in Progress Whatsup Gold An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). | 9.8 |
| 2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in multiple products Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 9.8 |
| 2016-01-08 | CVE-2015-8261 | SQL Injection vulnerability in Progress Whatsup Gold 16.3 The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | 9.8 |
| 2007-07-15 | CVE-2007-2417 | Buffer Overflow vulnerability in Progress and OpenEdge _mprosrv Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. | 10.0 |
| 2007-04-25 | CVE-2007-2266 | Unspecified vulnerability in Progress Webspeed Messenger Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | 10.0 |