Lucene search
K

155 matches found

CNNVD
CNNVD
added 2023/06/23 12:0 a.m.4 views

Progress Software WhatsUp Gold 跨站脚本漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold prior to version 23.0...

6.1CVSS5.9AI score0.0213EPSS
Exploits3References3
Talos Blog
Talos Blog
added 2023/06/16 6:17 p.m.42 views

Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer MFT solution that has been actively targeted since late May 2023. Successful exploitation could lead to remote code executi...

7.5CVSS10.9AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/06/16 3:35 a.m.119 views

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is being tracked as CVE-2023-35708, also concerns an SQL injection vulnerability that...

9.8CVSS9.9AI score0.99934EPSS
Exploits15
Rapid7 Blog
Rapid7 Blog
added 2023/06/14 7:10 p.m.60 views

CVE-2023-34362: MOVEit Vulnerability Timeline of Events

The following article was written by Drew Burton and Cynthia Wyre. Rapid7 continues to track the impact of CVE-2023-34362, a critical zero-day vulnerability in Progress Software’s MOVEit Transfer solution. CVE-2023-34362 allows for SQL injection, which can result in unauthorized access to sensiti...

7.5CVSS9.8AI score0.99934EPSS
Exploits15
Malwarebytes
Malwarebytes
added 2023/06/12 2:0 a.m.39 views

More MOVEit vulnerabilities found while the first one still resonates

In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...

7.5CVSS8.6AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/06/10 8:50 a.m.211 views

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!

Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in...

9.8CVSS10.2AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/06/08 1:56 p.m.62 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

10.5AI score0.99934EPSS
Exploits15
Rapid7 Blog
Rapid7 Blog
added 2023/06/01 3:23 p.m.212 views

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...

7.5CVSS10.4AI score0.99934EPSS
Exploits15
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.3 views

Progress Software WS_FTP Server 安全漏洞

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server that stems from insufficient authorization controls over user modifications to the workflow application, where host...

7.2CVSS7AI score0.00887EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.18 views

Progress Software WhatsUp Gold 代码问题漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 21.0.0 through 21.1...

7.5CVSS7.5AI score0.55861EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/11 12:0 a.m.44 views

Progress Software WhatsUp Gold 安全漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...

6.5CVSS6.5AI score0.03914EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/28 12:0 a.m.5 views

Progress Software Corporation Progress WhatsUp Gold 跨站脚本漏洞

Progress Software Corporation Progress WhatsUp Gold is a network monitoring software from Progress Software Corporation, USA. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. Progress WhatsUp Gold suffers from a cross-site...

6.1CVSS6.5AI score0.05881EPSS
Exploits4References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/16 7:59 a.m.60 views

Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Data Access Pack (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 can be configured for the IBM SPSS Data Access Pack. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain...

4.3CVSS1.4AI score0.99999EPSS
Exploits7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:9 p.m.23 views

Security Bulletin: Multiple vulnerabilities affect IBM InfoSphere Information Server (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593 CVE-2015-0138 CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...

5.4CVSS0.1AI score0.74006EPSS
Exploits5Affected Software1
CVE
CVE
added 2017/10/31 7:0 a.m.301 views

CVE-2015-9245

Progress Software OpenEdge 10.2x and 11.x are affected by CVE-2015-9245 due to an insecure default configuration. The vulnerability allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes through port 20931. This is rooted in the def...

9.8CVSS9.5AI score0.01856EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/10/31 7:0 a.m.16 views

CVE-2015-9245

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931...

9.8AI score0.01856EPSS
Exploits0References1
NVD
NVD
added 2014/11/12 4:55 p.m.11 views

CVE-2014-8555

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

5CVSS6.6AI score0.07453EPSS
Exploits4References4
Prion
Prion
added 2014/11/12 4:55 p.m.12 views

Directory traversal

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

5CVSS7.1AI score0.07453EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2014/11/12 4:0 p.m.20 views

CVE-2014-8555

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

6.6AI score0.07453EPSS
Exploits4References4
CVE
CVE
added 2014/11/12 4:0 p.m.49 views

CVE-2014-8555

CVE-2014-8555 : A directory traversal in Progress OpenEdge 11.2’s report/reportViewAction.jsp allows remote attackers to read arbitrary files by manipulating the selection parameter with dot-dot sequences. Public exploit references (Exploits/35127, PacketStorm) describe requesting URLs like repor...

5CVSS6.8AI score0.07453EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder