1864 matches found
curl: Division by zero if terminal width is 2
Summary: In fly there will be a division by zero if progress bar width is 2. That can happen if terminal width is 2. Steps To Reproduce: This script crashes: stty rows 10 cols 2 ; curl --progress-bar somefile temp Impact: I believe that if it's possible to set terminal width for a service, then that...
Facebook Says Encrypting Messenger by Default Will Take Years
Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close...
Progress Telerik UI for ASP.NET AJAX Code Issue Vulnerability
Progress Telerik UI for ASP.NET AJAX is an HTML editor. A code issue vulnerability exists in Progress Telerik UI for ASP.NET AJAX 2019.3.1023 and prior versions. The vulnerability stems from an improperly designed or implemented code development process for a web-based system or product. No...
Deserialization of untrusted data
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...
CVE-2019-18935
CVE-2019-18935 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload deserialization). The vulnerability allows remote code execution when encryption keys are known (e.g., via CVE-2017-11317/11357 or other means). Exploitation, if possible, can occur over network with low complexity and no...
Unspecified Vulnerability in Progress Sitefinity CMS
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 12.1, which stems from the program's use of a weak password recovery mechanism when retrieving passwords. The vulnerability can be exploited...
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
Default credentials
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
CVE-2019-17392
CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...
Ransomware Attack Downs Hosting Service SmarterASP.NET
SmarterASP.NET, a popular web hosting provider with more than 440,480 customers, has been hit with a ransomware attack that took down its customers’ websites that were hosted by the company. The company on Monday said it is in the process of recovering impacted data. SmarterASP.NET offers shared...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
Design/Logic Flaw
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...
openssh: Missing character encoding in progress display allows for spoofing of scp client output
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Thinking about the balance between compliance and security
Today, many organizations still struggle to adhere to General Data Protection Regulation (GDPR) mandates even though this landmark regulation took effect nearly two years ago. A key learning for some: being compliant does not always mean you are secure. Shifting privacy regulations, combined with...
CVE-2019-18465
MOVEit Transfer 11.1 (pre-11.1.3) contains a vulnerability that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface, applicable only to specific SSH/SFTP configurations and when the MySQL database is used. The connected documents do not provide explicit exploi...