Vulnerabilities > Progress > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2020-8611 | SQL Injection vulnerability in multiple products In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. | 8.8 |
| 2019-06-03 | CVE-2019-12097 | Improper Validation of Integrity Check Value vulnerability in Progress Fiddler 5.0.20182.28034 Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe. | 7.8 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 8.8 |
| 2017-07-17 | CVE-2017-1000026 | Path Traversal vulnerability in Progress Mixlib-Archive 0.1.0/0.2.0/0.3.0 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 7.5 |
| 2016-10-06 | CVE-2016-1000000 | SQL Injection vulnerability in Progress Whatsup Gold Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | 8.8 |