Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Technical specifics and a proof-of-concept PoC exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403...

Progress Software WS_FTP Server Security Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.5 that stems from the presence of a cross-site scripting vulnerability...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WS_FTP Server Code Issue Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in versions of Progress Software WSFTP Server prior to 8.8.4 that stems from not limiting the number of file uploads...

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...

Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WSFTP Server Ad hoc Transfer Module and in the WSFTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...

Progress Software WS_FTP Server Code Issue Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in Progress Software WSFTP Server versions prior to 8.7.4, 8.8.2. An attacker can exploit this vulnerability to remotely execute arbitrary commands...

WS_FTP Server Cross-Site Scripting Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A cross-site scripting vulnerability exists in WSFTP Server versions prior to 8.8.2. An attacker could exploit this vulnerability to execute malicious JavaScript in the victim's browser...

WS_FTP Server Path Traversal Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in WSFTP Server versions prior to 8.7.4, 8.8.2. An attacker can exploit the vulnerability to read arbitrary files on the server running the application...

Progress Software WS_FTP Server Security Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.2. An attacker can use this vulnerability to enumerate files in the "WebServiceHost" directory listi...

MOVEit Transfer fixes three new vulnerabilities

The Cybersecurity and Infrastructure Security Agency CISA has warned about three new vulnerabilities in Progress Software's MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information. In the advisory, CISA encouraged users to review Progress MOVEi...

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability,...

Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A crafted request can trigger execution of SQ...