CVE-2024-6576 MOVEit Transfer Privilege Escalation Vulnerability
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...
PT-2024-5295 · Progress · Progress Moveit Transfer
Name of the Vulnerable Software and Affected Versions: Progress MOVEit Transfer versions 2023.0.0 through 2023.0.11; Progress MOVEit Transfer versions 2023.1.0 through 2023.1.6; Progress MOVEit Transfer versions 2024.0.0 through 2024.0.2. Description: The issue is related to improper authentication ...
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and...
Progress Telerik Reporting < 2024 Q2 (18.1.24.709) Object Injection
The version of Progress Telerik Reporting installed on the remote Windows host is prior to 2024 Q2 18.1.24.709. It is, therefore, affected by an object injection vulnerability: - In Progress® Telerik® Reporting versions prior to 18.1.24.709, an object injection attack is possible through an...
Progress Telerik Report Server Insecure Deserialization (CVE-2024-6327)
The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows: - In Progress Telerik Report Server versions prior to 2024 Q2 10.1.24.709, a remote code execution attack is possible through an insecure deserializatio...
CVE-2024-6096
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-6096 Unsafe Deserialization Vulnerability
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-6096
Progress Telerik Reporting, before version 18.1.24.709, is affected by an object-injection vulnerability due to insecure type resolution that can lead to code execution. The vulnerability affects Progress Telerik Reporting (a .NET/.NET Framework embedded reporting tool) and various advisories ide...
CVE-2024-6327 Progress Telerik Report Server Deserialization
In Progress® Telerik® Report Server versions prior to 2024 Q2 10.1.24.709, a remote code execution attack is possible through an insecure deserialization vulnerability...
CVE-2024-37422
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner. This issue affects Progress Planner: from n/a through = 0.9.2...
CVE-2024-37422
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2...
CVE-2024-37422 WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 0.9.2...
CVE-2024-37422 WordPress Progress Planner plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner. This issue affects Progress Planner: from n/a through = 0.9.2...
CVE-2024-37422
Progress Planner (WordPress plugin)
CVE-2024-41703
LibreChat through 0.7.4-rc1 has incorrect access control for message updates...
PT-2024-27539 · Unknown · Progress Planner
Name of the Vulnerable Software and Affected Versions: Progress Planner versions 0.9.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
Progress Kemp LoadMaster Remote Command Execution
Progress Kemp LoadMaster versions 7.2.48.1 7.2.59.2 / 7.2.48.1 7.2.54.8 and 7.2.48.1 7.2.48.10 is affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...
SUSE-SU-2024:2463-1 Security update for squashfs
This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
This module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following versions are affected: MOVEit Transfer 2023.0.x (fixed in 2023.0.11), MOVEit Transfer 2023.1.x (fixed in 2023.1.6), MOVEit Transfer 2024.0.x (fixed in 2024.0.2). The module can...
Exploit for Improper Privilege Management in Progress Whatsup_Gold
CVE-2024-5009 PoC for Progress WhatsUp Gold SetAdminPassword P...