86 matches found
PT-2022-19168 · Devexpress · Safebinaryformatter +1
Name of the Vulnerable Software and Affected Versions: DevExpress affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The flaw exists within the SafeBinaryFormatter...
DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress XtraReports. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation...
CVE-2021-36483
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization...
CVE-2021-36483
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization...
CVE-2021-36483
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization...
CVE-2021-36483
CVE-2021-36483 affects DevExpress.XtraReports.UI up to v21.1. It involves insecure deserialization that could allow an attacker to execute arbitrary code. The ZDI advisory notes this requires authentication and targets the SafeBinaryFormatter deserialization path in DevExpress XtraReports. Public...
PT-2021-21277 · Devexpress · Devexpress.Xtrareports.Ui
Name of the Vulnerable Software and Affected Versions: DevExpress.XtraReports.UI versions prior to v21.1
Description: The issue allows attackers to execute arbitrary code via insecure deserialization. There is no information provided about the estimated number of potentially affected devices...
DevExpress XtraReports.UI Code Issue Vulnerability
DevExpress XtraReports.UI is an assembly from DevExpress, Inc. A security vulnerability exists in DevExpress.XtraReports.UI version 21.1 and earlier, which allows an attacker to execute arbitrary code via insecure deserialization...
@cardgamesplay/klondike (>=0.1.0 <=0.1.1), @devexpress/analytics-core (>=18.2.7 <=19.1.1-alpha-19071-2010) +68 more potentially affected by CVE-2019-14862 via knockout (>=2.2.1 <=3.5.0-beta)
knockout NPM version =2.2.1, =0.1.0, =18.2.7, =4.0.0, =0.1.0-zgx, =0.1.0, =1.0.0, =0.0.1, =0.2.20, =18.2.7, =17.2.2-beta, =18.2.7, =1.2.1, =2.0.1-beta, =2.0.4-beta and more Source cves: CVE-2019-14862 Source advisory: OSV:GHSA-VCJJ-XF2R-MWVC...
search.devexpress.com XSS vulnerability
Vulnerable URL: https://search.devexpress.com/?q="
Details:
Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No
Coordinated Disclosure Timeline:
Description | Value
---|---...
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
Directory traversal
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
CVE-2015-4670
CVE-2015-4670 affects the AjaxFileUpload control in the AjaxControlToolkit (Ajax Control Toolkit) before 15.1. The issue: the uploaded file’s fileId GUID is not validated, allowing directory traversal with “..” to write files to arbitrary locations via AjaxFileUploadHandler.axd. Veracode and rela...
DevExpress 13.2.8 /FileManagerComponent.aspx Directory Traversal Vulnerability
No description provided by source...
DevExpress ASPxFileManager 10.2 to 13.2.8 - Directory Traversal
No description provided by source...
[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details =====...
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal
DevExpress ASPxFileManager 10.2 13.2.8 - Directory Traversal Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read...
DevExpress ASPxFileManager 10.2 to 13.2.8 - Directory Traversal
Exploit for asp platform in category web applications Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files ...
DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal
Advisory: Directory Traversal in DevExpress ASP.NET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details =====...