Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.21 views

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

9.8CVSS9.9AI score0.99737EPSS
Exploits20References1
ThreatPost
ThreatPost
added 2021/10/13 11:22 a.m.79 views

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware...

10CVSS9AI score0.99737EPSS
Exploits18References10
Hacker One
Hacker One
added 2021/04/25 9:38 a.m.96 views

U.S. Dept Of Defense: Remote Code Execution via Insecure Deserialization in Telerik UI (CVE-2019-18935)

Description: https://██████/██████████/Telerik.Web.UI.WebResource.axd?type=rau is vulnerable to CVE-2017-11317 and CVE-2019-18935, allowing an attacker to upload arbitrary files and gain remote code execution on the underlying system. References...

7.5CVSS0.2AI score0.99737EPSS
Exploits19
Rapid7 Blog
Rapid7 Blog
added 2020/10/23 6:56 p.m.258 views

Metasploit Wrap-Up

Metasploit keeping that developer awareness rate up. Thanks to mrme & wvu, SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the servers config, making that report oh so much more fun. Like to escape the sandbox?...

9CVSS8.5AI score0.99737EPSS
Exploits41
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.1746 views

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include...

7.5CVSS0.4AI score0.99737EPSS
Exploits19
GithubExploit
GithubExploit
added 2020/08/26 8:57 p.m.208 views

Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax

TelerikUI Python Scanner telerikrcescan.py Examples A...

9.8CVSS8.6AI score0.99737EPSS
Exploits16
Hacker One
Hacker One
added 2020/07/02 8:13 a.m.2505 views

U.S. Dept Of Defense: Remote Code Execution via CVE-2019-18935

Summary: The website at https://█████████/apps/XTRAHome/Telerik.Web.UI.WebResource.axd?type=rau is vulnerable to CVE-2017-11317 and CVE-2019-18935, allowing an attacker to upload arbitrary files and gain remote code execution on the underlying system. Step-by-step Reproduction Instructions 1...

7.5CVSS0.4AI score0.99737EPSS
Exploits19
GithubExploit
GithubExploit
added 2020/05/29 7:29 a.m.1012 views

Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax

RAUcrypto !Languagehttps://img.shields.io/badge/Lang-Pyth...

9.8CVSS8.9AI score0.99737EPSS
Exploits23
GithubExploit
GithubExploit
added 2020/05/25 8:37 a.m.271 views

Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax

TelerikUI Python Scanner telerikrcescan.py Examples A...

9.8CVSS8.6AI score0.99737EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.595 views

Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

9.8CVSS8.5AI score0.99737EPSS
Exploits19References4
Hacker One
Hacker One
added 2020/04/03 2:48 p.m.1922 views

U.S. Dept Of Defense: Remote Code Execution via Insecure Deserialization in Telerik UI

Hello, I found an outdated version of Telerik Web UI v2016.2.607.40 at the following URL: https://███/Telerik.Web.UI.WebResource.axd?type=rau. This means that we can achieve full RCE by chaining two different CVEs: CVE-2017-11317, which allows us to upload arbitrary files on the server, and...

7.5CVSS0.1AI score0.99737EPSS
Exploits19
Check Point Advisories
Check Point Advisories
added 2020/03/09 12:0 a.m.14 views

Progress Telerik UI Remote Code Execution (CVE-2019-18935)

A remote code execution vulnerability exists in Progress Telerik UI for Asp.Net Ajax. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.99737EPSS
Exploits16
0day.today
0day.today
added 2019/12/18 12:0 a.m.678 views

Telerik UI - Remote Code Execution via Insecure Deserialization Exploit

Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...

0.3AI score0.99737EPSS
Exploits16
exploitpack
exploitpack
added 2019/12/18 12:0 a.m.624 views

Telerik UI - Remote Code Execution via Insecure Deserialization

Telerik UI - Remote Code Execution via Insecure Deserialization See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with...

7.5CVSS0.3AI score0.99737EPSS
Exploits16
Exploit DB
Exploit DB
added 2019/12/18 12:0 a.m.874 views

Telerik UI - Remote Code Execution via Insecure Deserialization

See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...

9.8CVSS9.8AI score0.99737EPSS
Exploits16
Circl
Circl
added 2019/12/16 10:28 a.m.8 views

CVE-2019-18935

creationtimestamp| type| source ---|---|--- 2019-12-16 10:28:50+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/3527 2019-12-17 21:25:58+00:00| published-proof-of-concept| https://t.me/antichat/7389 2019-12-17 22:22:18+00:00| published-proof-of-concept|...

9.8CVSS7.1AI score0.99737EPSS
In wildExploits16References32
Vulnrichment
Vulnrichment
added 2019/12/11 12:0 a.m.18 views

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

9.9AI score0.99737EPSS
Exploits16References10
ATTACKERKB
ATTACKERKB
added 2019/12/11 12:0 a.m.182 views

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

9.8CVSS10AI score0.99737EPSS
In wildExploits20References12
CVE
CVE
added 2019/12/11 12:0 a.m.1767 views

CVE-2019-18935

CVE-2019-18935 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload deserialization). The vulnerability allows remote code execution when encryption keys are known (e.g., via CVE-2017-11317/11357 or other means). Exploitation, if possible, can occur over network with low complexity and no...

9.8CVSS9.7AI score0.99737EPSS
In wildExploits16References11Affected Software1
GithubExploit
GithubExploit
added 2018/01/09 1:53 p.m.302 views

Exploit for Inadequate Encryption Strength in Telerik Ui_For_Asp.Net_Ajax

RAUcrypto !Languagehttps://img.shields.io/badge/Lang-Pyth...

9.8CVSS8.8AI score0.99737EPSS
Exploits23
Rows per page
Query Builder