Vulnerabilities > Progress > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-31 | CVE-2015-9245 | Improper Access Control vulnerability in Progress Openedge Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | 7.5 |
| 2007-06-29 | CVE-2007-3491 | Remote Security vulnerability in Progress Openedge 10.1A/10.1B/9.1E Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | 7.5 |
| 2007-05-04 | CVE-2007-2506 | Denial Of Service vulnerability in Progress WebSpeed WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | 7.8 |
| 2007-04-30 | CVE-2007-2354 | Information Disclosure vulnerability in Webspeed Messenger Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | 7.8 |
| 2001-11-02 | CVE-2001-1129 | Unspecified vulnerability in Progress 9.1C Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | 7.2 |
| 2001-10-08 | CVE-2001-1128 | Buffer Overflow vulnerability in Progress Database Malicious ProTermCap File Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | 7.2 |
| 2001-10-05 | CVE-2001-1127 | Buffer Overflow vulnerability in Progress Database Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | 7.2 |
| 2000-02-03 | CVE-2000-0127 | Unspecified vulnerability in Progress Webspeed 3.0 The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | 7.5 |