1857 matches found

CNNVD
added 2023/12/14 12:0 a.m. | 2 views

Progress Software WhatsUp Gold Cross-Site Scripting Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in Progress Software WhatsUp Gold version...

CVSS 7.6 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 3
Openbugbounty
added 2023/12/05 9:0 p.m. | 8 views

loefflerlawyers.com Improper Access Control vulnerability OBB-3803941

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0
Tenable Nessus
added 2023/11/30 12:0 a.m. | 20 views

Progress MOVEit Transfer < 2022.0.9 / 2022.1 < 2022.1.10 / 2023.0 < 2023.0.7 / 2023.1.1 Multiple Vulnerabilities (November 2023)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2022.0.9, 2022.1 prior to 2022.1.10, 2023.0 prior to 2023.0.7 or 2023.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in Progress Community article 000246898. ...

CVSS 7.2 | AI score 6.2 | EPSS 0.00065
Exploits: 0 | References: 3
CVE
added 2023/11/29 4:14 p.m. | 57 views

CVE-2023-6218

MOVEit Transfer CVE-2023-6218 describes an elevation-of-privilege vulnerability where a group administrator can upgrade a group member to organization administrator. Affected products/versions are MOVEit Transfer prior to 2022.0.9 (14.0.9), prior to 2022.1.10 (14.1.10), and prior to 2023.0.7 (15....

CVSS 7.2 | AI score 7.2 | EPSS 0.00065
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2023/11/29 4:14 p.m. | 36 views

CVE-2023-6217

CVE-2023-6217 describes a reflected Cross-Site Scripting (XSS) vulnerability in MOVEit Transfer when used with MOVEit Gateway. Affected: MOVEit Transfer versions before 2022.0.9 (14.0.9), before 2022.1.10 (14.1.10), and before 2023.0.7 (15.0.7). Root cause: XSS in a combined MOVEit Gateway/Transf...

CVSS 7.1 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2023/11/29 12:0 a.m. | 1 views

Progress MOVEit Transfer Security Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from the presence of an elevation of privilege vulnerability. Affected products and versions: Progress MOVEit Transfer versions prior to...

CVSS 7.2 | AI score 7 | EPSS 0.00065
Exploits: 0 | References: 2
RedHat Linux
added 2023/11/28 3:40 p.m. | 0 views

kernel: md: fix soft lockup in status_resync

A logic flaw was found in the Linux kernel Multiple Device software RAID status reporting, where concurrent updates to resynchronization progress can overflow an internal difference calculation. This can cause the progress bar routine to loop excessively and trigger a soft lockup. A local user...

CVSS 5.5 | AI score 7.3 | EPSS 0.00009
Exploits: 0 | References: 5
GithubExploit
added 2023/11/22 5:0 p.m. | 915 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Owncloud Graph_Api

CVE-2023-49103 PoC for the CVE-2023-49103 Overview This Py...

CVSS 10 | AI score 9 | EPSS 0.94329
Exploits: 5
RedHat Linux
added 2023/11/07 9:3 a.m. | 2 views

kernel: md: fix soft lockup in status_resync

A logic flaw was found in the Linux kernel Multiple Device software RAID status reporting, where concurrent updates to resynchronization progress can overflow an internal difference calculation. This can cause the progress bar routine to loop excessively and trigger a soft lockup. A local user...

CVSS 5.5 | AI score 7.3 | EPSS 0.00009
Exploits: 0 | References: 5
CNNVD
added 2023/11/07 12:0 a.m. | 1 views

Progress Software WS_FTP Server Code Issue Vulnerability

Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in versions of Progress Software WS_FTP Server prior to 8.8.4 that stems from not limiting the number of file uploads...

CVSS 9.1 | AI score 7 | EPSS 0.00036
Exploits: 0 | References: 4
Openbugbounty
added 2023/10/29 9:34 p.m. | 11 views

progress-verband.de Improper Access Control vulnerability OBB-3768687

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.9
Exploits: 0
Openbugbounty
added 2023/10/26 8:23 p.m. | 10 views

progress-dresden.de Improper Access Control vulnerability OBB-3766351

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.6
Exploits: 0
Imperva Blog
added 2023/10/11 10:46 p.m. | 173 views

Recent Vulnerabilities in Popular Applications Blocked by Imperva

Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary code execution,...

CVSS 7.5 | AI score 10.6 | EPSS 0.94436
Exploits: 95
CISA KEV Catalog
added 2023/10/05 12:0 a.m. | 41 views

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...

CVSS 10 | AI score 7.3 | EPSS 0.94436
In wild | Exploits: 5
Metasploit
added 2023/10/04 7:50 p.m. | 408 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...

CVSS 10 | AI score 9 | EPSS 0.94436
Exploits: 5
0day.today
added 2023/10/04 12:0 a.m. | 388 views

Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...

CVSS 10 | AI score 8.1 | EPSS 0.94436
Exploits: 5
Packet Storm
added 2023/10/04 12:0 a.m. | 457 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

CVSS 10 | AI score 7.1 | EPSS 0.94436
Exploits: 5
VulnCheck KEV
added 2023/10/01 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2023-40044

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...

CVSS 10 | AI score 7.6 | EPSS 0.94436
Exploits: 5 | References: 1
Rapid7 Blog
added 2023/09/29 1:33 p.m. | 79 views

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...

CVSS 6.5 | AI score 7.7 | EPSS 0.94436
Exploits: 6
The Hacker News
added 2023/09/29 6:15 a.m. | 76 views

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions...

CVSS 10 | AI score 9.3 | EPSS 0.94436
Exploits: 6