26 matches found
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
EUVD-2021-15918
Malware in sbrugna...
CVE-2021-29281
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317...
CVE-2021-29281
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317...
Unrestricted file upload
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317...
CVE-2021-29281
CVE-2021-29281 is a file-upload vulnerability in GFI Mail Archiver versions up to and including 15.1, caused by insecure use of the Telerik Web UI plugin and tied to CVE-2014-2217 and CVE-2017-11317. The vulnerability enables arbitrary file uploads/execution via the Telerik UI for ASP.NET AJAX file upload iss...
Deserialization of untrusted data
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-44029
CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...
U.S. Dept Of Defense: Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935)
Description: https://██████/██████████/Telerik.Web.UI.WebResource.axd?type=rau is vulnerable to CVE-2017-11317 and CVE-2019-18935, allowing an attacker to upload arbitrary files and gain remote code execution on the underlying system. References...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization Exploit
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization...
CVE-2017-11317
creationtimestamp| type| source
---|---|---
2020-10-20 15:57:21+00:00| seen| MISP/42d04e94-bf5b-427d-acc8-f5d740675941
2020-10-20 15:58:04+00:00| seen| MISP/d925a2ee-e7cf-46f6-bec1-ad8e19122730
2020-10-20 18:32:21+00:00| seen|...
Telerik UI Arbitrary File Upload (CVE-2017-11317; CVE-2017-11357)
An arbitrary file upload vulnerability exists in Telerik UI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
U.S. Dept Of Defense: Remote Code Execution via CVE-2019-18935
Summary: The website at https://█████████/apps/XTRAHome/Telerik.Web.UI.WebResource.axd?type=rau is vulnerable to CVE-2017-11317 and CVE-2019-18935, allowing an attacker to upload arbitrary files and gain remote code execution on the underlying system. Step-by-step Reproduction Instructions 1...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX prior to 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
RAUcrypto...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
U.S. Dept Of Defense: Remote Code Execution via Insecure Deserialization in Telerik UI
Hello, I found an outdated version of Telerik Web UI v2016.2.607.40 at the following URL: https://███/Telerik.Web.UI.WebResource.axd?type=rau. This means that we can achieve full RCE by chaining two different CVEs: CVE-2017-11317, which allows us to upload arbitrary files on the server, and...
shawanoschools.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1088962. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Deserialization of untrusted data
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...