56 matches found
Progress Telerik UI Remote Code Execution (CVE-2019-18935)
A remote code execution vulnerability exists in Progress Telerik UI for Asp.Net Ajax. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Progress Telerik UI for ASP.NET AJAX Code Issue Vulnerability
Progress Telerik UI for ASP.NET AJAX is an HTML editor. A code issue vulnerability exists in Progress Telerik UI for ASP.NET AJAX 2019.3.1023 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No...
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
Path traversal
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...
CVE-2019-19790
CVE-2019-19790 affects Telerik UI for ASP.NET AJAX RadChart. The vulnerability is a path traversal in RadChart that allows a remote attacker to read and delete image files with extensions .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server via a specially crafted request. Root cau...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
CVE-2019-18935 Proof-of-concept exploit for a .NET JSON deser...
Deserialization of untrusted data
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
PT-2019-4636
Name of the Vulnerable Software and Affected Versions Progress Telerik UI for ASP.NET AJAX versions prior to 2020.1.114 Description The issue concerns the deserialization of untrusted data, allowing for remote code execution. This has been exploited by multiple threat actors, including a...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
CVE-2019-18935 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload deserialization). The vulnerability allows remote code execution when encryption keys are known (e.g., via CVE-2017-11317/11357 or other means). Exploitation, if possible, can occur over network with low complexity and no...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
The version of Telerik UI for ASP.NET AJAX installed on the remote Windows host is affected by multiple vulnerabilities in Telerik.Web.UI.dll. An unauthenticated, remote attacker can exploit this, via specially crafted data, to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Securit...
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: Telerik UI for ASP.NET AJAX CVE: CVE-2017-9248 Vend...
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
Exploit Title: Telerik UI for ASP.NET AJAX RadAsyncUpload uploader Filename: RAUcrypto.py Github: https://github.com/bao7uo/RAUcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: Telerik UI for ASP.NET AJAX CVE: CVE-2017-11317,...
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Encryption Keys Disclosure Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker Filename: dpcrypto.py Github: https://github.com/bao7uo/dpcrypto Date: 2018-01-23 Exploit Author: Paul Taylor / Foregenix Ltd Website:...
Code injection
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...
CVE-2017-11357
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...
CVE-2017-11317
CVE-2017-11317 affects Telerik Web UI for ASP.NET AJAX prior to R1 2017 and R2 prior to R2 2017 SP2. The issue is a weak encryption/serialization flaw in RadAsyncUpload that enables remote attackers to upload arbitrary files or execute arbitrary code. The root cause is described as a deserializat...
CVE-2017-11357
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...