Progress Telerik UI for ASP.NET AJAX Encryption Vulnerability

ASP.NET AJAX is a control for ASP.NET. Progress Telerik UI is a UI user interface for ASP.NET controls that handle AJAX, developed by Telerik USA. A security vulnerability in Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX versions prior to R1 2017 and R2 versions prior to R2 2017 SP2 stem...

CVE-2017-11357

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

CVE-2017-11317

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

CVE-2014-2217

CVE-2014-2217 describes an absolute path traversal in the RadAsyncUpload control of Telerik UI for ASP.NET AJAX, affecting versions before Q3 2012 SP2. An attacker can supply a full pathname in the UploadID metadata to write arbitrary files on the server and potentially execute arbitrary code. Th...