44 matches found
Deserialization of untrusted data
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute code remotely by exploiting deserialization in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-44029
CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
This module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization flaw...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization Exploit
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization...
VulnCheck KEV: CVE-2017-11357
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX prior to 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by multiple vulnerabilities in Telerik.Web.UI.dll:
- An insecure direct object reference vulnerability due to user input used directly by RadAsyncUpload without modification or validation...
Remote Code Execution
telerik is vulnerable to remote code execution. A .NET JavaScriptSerializer Deserialization vulnerability through RadAsyncUpload allows an attacker to execute malicious code on the server in the context of the w3wp.exe process...
VulnCheck KEV: CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
A vulnerability in the RadAsyncUpload function of the Telerik UI framework for ASP.NET AJAX allows an attacker to execute arbitrary code on the target system.
The vulnerability in the RadAsyncUpload function of Telerik UI for ASP.NET AJAX is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system by sending specially crafted POST requests...
Deserialization of untrusted data
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
CVE-2019-18935 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload deserialization). The vulnerability allows remote code execution when encryption keys are known (e.g., via CVE-2017-11317/11357 or other means). Exploitation, if possible, can occur over network with low complexity and no...
Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is prior to 10.0.6412.0. It is, therefore, affected by multiple vulnerabilities in Telerik DialogHandler and RadAsyncUpload:
- A cryptographic weakness exists in Telerik.Web.UI that can be exploited to disclose encryption keys
- An...
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
The version of Telerik UI for ASP.NET AJAX installed on the remote Windows host is affected by multiple vulnerabilities in Telerik.Web.UI.dll. An unauthenticated, remote attacker can exploit this, via specially crafted data, to execute arbitrary code.
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
Exploit Title: Telerik UI for ASP.NET AJAX RadAsyncUpload uploader
Filename: RAUcrypto.py
Github: https://github.com/bao7uo/RAUcrypto
Date: 2018-01-23
Exploit Author: Paul Taylor / Foregenix Ltd
Website: http://www.foregenix.com/blog
Version: Telerik UI for ASP.NET AJAX
CVE: CVE-2017-11317,...
Progress Telerik UI for ASP.NET AJAX Arbitrary File Upload Vulnerability
ASP.NET AJAX is a control for ASP.NET. Progress Telerik UI is a user interface for ASP.NET controls that handle AJAX, developed by Telerik USA. A security vulnerability exists in versions of Progress Telerik UI for ASP.NET AJAX prior to R2 2017 SP2, which stems from the program failing to...