6 matches found
CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...
CVE-2026-6022
CVE-2026-6022 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload). Before 2026.1.421, RadAsyncUpload allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, causing disk space exhaustion. Affected: RadAsyncUpload in T...
CVE-2026-2878 Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
The vulnerability of the Telerik UI software for ASP.NET AJAX, related to the encryption flaws in RadAsyncUpload, allows attackers to perform arbitrary file uploads or execute arbitrary code.
The vulnerability of the Telerik UI software for ASP.NET AJAX is related to the shortcomings of the RadAsyncUpload encryption mechanism. Exploiting this vulnerability allows a malicious actor to perform arbitrary file uploads or execute arbitrary code...
CVE-2017-11357
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...