155 matches found
Progress Software WhatsUp Gold 跨站脚本漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold prior to version 23.0...
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer MFT solution that has been actively targeted since late May 2023. Successful exploitation could lead to remote code executi...
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is being tracked as CVE-2023-35708, also concerns an SQL injection vulnerability that...
CVE-2023-34362: MOVEit Vulnerability Timeline of Events
The following article was written by Drew Burton and Cynthia Wyre. Rapid7 continues to track the impact of CVE-2023-34362, a critical zero-day vulnerability in Progress Software’s MOVEit Transfer solution. CVE-2023-34362 allows for SQL injection, which can result in unauthorized access to sensiti...
More MOVEit vulnerabilities found while the first one still resonates
In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in...
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
Progress Software WS_FTP Server 安全漏洞
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server that stems from insufficient authorization controls over user modifications to the workflow application, where host...
Progress Software WhatsUp Gold 代码问题漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 21.0.0 through 21.1...
Progress Software WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...
Progress Software Corporation Progress WhatsUp Gold 跨站脚本漏洞
Progress Software Corporation Progress WhatsUp Gold is a network monitoring software from Progress Software Corporation, USA. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. Progress WhatsUp Gold suffers from a cross-site...
Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Data Access Pack (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 can be configured for the IBM SPSS Data Access Pack. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain...
Security Bulletin: Multiple vulnerabilities affect IBM InfoSphere Information Server (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593 CVE-2015-0138 CVE-2015-2808)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...
CVE-2015-9245
Progress Software OpenEdge 10.2x and 11.x are affected by CVE-2015-9245 due to an insecure default configuration. The vulnerability allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes through port 20931. This is rooted in the def...
CVE-2015-9245
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931...
CVE-2014-8555
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...
Directory traversal
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...
CVE-2014-8555
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...
CVE-2014-8555
CVE-2014-8555 : A directory traversal in Progress OpenEdge 11.2’s report/reportViewAction.jsp allows remote attackers to read arbitrary files by manipulating the selection parameter with dot-dot sequences. Public exploit references (Exploits/35127, PacketStorm) describe requesting URLs like repor...