Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...
Exploit for Improper Authentication in Progress Moveit_Transfer
CVE-2024-5806 Exploit for Progress MOVEit Transfer CVE-2024-5...
CVE-2023-27636
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor...
CVE-2023-27636
Progress Sitefinity before 15.0.0 allows Cross‑Site Scripting (XSS) by authenticated users via the SF Editor’s content form. Affected component: SF Editor in Sitefinity; vulnerability arises in input handling within the editor, enabling script execution when payloads are submitted and viewed. Imp...
Cybersecurity CPEs: Unraveling the What, Why & How
Staying Sharp: Cybersecurity CPEs Explained. Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are...
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8...
Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)
The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows: - In Progress Telerik Report Server versions prior to 2024 Q1 10.0.24.130, a remote code execution attack is possible through an insecure deserializatio...
Sitefinity 15.0 - Cross-Site Scripting Vulnerability
Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS); Exploit Author: Aldi Saputra Wahyudi; Vendor Homepage: https://www.progress.com/sitefinity-cms; Version:...
Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)
The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server deserializ...
Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919 Bulk Scanner CVE-2024-24919 Check Point Securi...
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs. In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second i...
Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)
The version of Progress WhatsUp Gold installed on the remote host is prior to 23.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 000255428 advisory. - In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's...
Progress Software Telerik Reporting Register Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Register method. The issue results from the...
Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. - The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficie...