PT-2023-27717 · Grzegorz Marczynski · Dynamic Progress Bar

Name of the Vulnerable Software and Affected Versions: Grzegorz Marczynski Dynamic Progress Bar versions 11.0 through 11.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 12.0 through 12.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 13.0 through 13.0.2 Grzegorz Marczynski Dynamic...

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...

CVE-2023-40954

CVE-2023-40954 is a SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (web_progress) affecting versions 11.0–11.0.2, 12.0–12.0.2, 13.0–13.0.2, 14.0–14.0.2.1, 15.0–15.0.2, and 16.0–16.0.2.1. The issue allows remote attackers to gain privileges via the recency parameter in mod...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Odoo web progress security vulnerability

Odoo web progress is a dynamic progress bar module from Odoo Belgium. A security vulnerability exists in Odoo web progress that stems from a SQL injection vulnerability in the models/webprogresss.py component. Affected products and versions: Grzegorz Marczynski Dynamic Progress Bar versions 11.0...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Access Control Error Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

loefflerlawyers.com Improper Access Control vulnerability OBB-3803941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Progress MOVEit Transfer < 2022.0.9 / 2022.1 < 2022.1.10 / 2023.0 < 2023.0.7 / 2023.1.1 Multiple Vulnerabilities (November 2023)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2022.0.9, 2022.1 prior to 2022.1.10, 2023.0 prior to 2023.0.7 or 2023.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in Progress Community article 000246898. ...

CVE-2023-6218

MOVEit Transfer CVE-2023-6218 describes an elevation-of-privilege vulnerability where a group administrator can upgrade a group member to organization administrator. Affected products/versions are MOVEit Transfer prior to 2022.0.9 (14.0.9), prior to 2022.1.10 (14.1.10), and prior to 2023.0.7 (15....

CVE-2023-6217

CVE-2023-6217 describes a reflected Cross-Site Scripting (XSS) vulnerability in MOVEit Transfer when used with MOVEit Gateway. Affected: MOVEit Transfer versions before 2022.0.9 (14.0.9), before 2022.1.10 (14.1.10), and before 2023.0.7 (15.0.7). Root cause: XSS in a combined MOVEit Gateway/Transf...

Progress MOVEit Transfer Security Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from the presence of an elevation of privilege vulnerability. Affected products and versions: Progress MOVEit Transfer versions prior to...

kernel: md: fix soft lockup in status_resync

A logic flaw was found in the Linux kernel Multiple Device software RAID status reporting, where concurrent updates to resynchronization progress can overflow an internal difference calculation. This can cause the progress bar routine to loop excessively and trigger a soft lockup. A local user...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Owncloud Graph_Api

CVE-2023-49103 PoC for the CVE-2023-49103 Overview This Py...

kernel: md: fix soft lockup in status_resync

A logic flaw was found in the Linux kernel Multiple Device software RAID status reporting, where concurrent updates to resynchronization progress can overflow an internal difference calculation. This can cause the progress bar routine to loop excessively and trigger a soft lockup. A local user...

Progress Software WS_FTP Server Code Issue Vulnerability

Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in versions of Progress Software WSFTP Server prior to 8.8.4 that stems from not limiting the number of file uploads...

progress-verband.de Improper Access Control vulnerability OBB-3768687

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...