1842 matches found
CVE-2023-40051 Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...
CVE-2023-40051
CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....
Progress MOVEit Transfer < 2022.0.10 / 2022.1 < 2022.1.11 / 2023.0 < 2023.0.8 / 2023.1 < 2023.1.3 Multiple Vulnerabilities (January 2024)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is therefore, affected by multiple vulnerabilities as referenced in Progress Community article 000249475. - In Progress MOVEit Transfer versions released before 2022.0.10 14.0.10, 2022.1.11 14.1.11...
PT-2024-12836 · Progress · Progress Application Server (Pas) For Openedge
Name of the Vulnerable Software and Affected Versions: Progress Application Server PAS for OpenEdge versions 11.7 prior to 11.7.18 Progress Application Server PAS for OpenEdge versions 12.2 prior to 12.2.13 Progress Application Server PAS for OpenEdge innovation releases prior to 12.8.0...
Progress Software OpenEdge Code Issue Vulnerability
Progress Software OpenEdge is a suite of integrated development environments IDEs from the US-based Progress Software. A security vulnerability exists in Progress Software OpenEdge version 11.7 through 11.7.18 and version 12.2 through 12.2.13. An attacker could exploit this vulnerability to...
Input validation
In Progress MOVEit Transfer versions released before 2022.0.10 14.0.10, 2022.1.11 14.1.11, 2023.0.8 15.0.8, 2023.1.3 15.1.3, an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational...
CVE-2023-6223
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
Input validation
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...
Malicious code in ember-cli-progress-ci (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54512754f5c019f13ce9e5c3554ccdc6180846834e3f02daa24abb228033fc95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-47 Malicious code in ember-cli-progress-ci (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54512754f5c019f13ce9e5c3554ccdc6180846834e3f02daa24abb228033fc95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure
Description The plugin is vulnerable to Insecure Direct Object Reference in the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the...
Progress Sitefinity Input Validation Error Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. Progress Sitefinity has an input validation error vulnerability that originates from a malicious user who may use the system to distribute phishing emails...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
Sql injection
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
PT-2023-27717 · Grzegorz Marczynski · Dynamic Progress Bar
Name of the Vulnerable Software and Affected Versions: Grzegorz Marczynski Dynamic Progress Bar versions 11.0 through 11.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 12.0 through 12.0.2 Grzegorz Marczynski Dynamic Progress Bar versions 13.0 through 13.0.2 Grzegorz Marczynski Dynamic...
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar aka webprogress v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recenc...
CVE-2023-40954
CVE-2023-40954 is a SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (web_progress) affecting versions 11.0–11.0.2, 12.0–12.0.2, 13.0–13.0.2, 14.0–14.0.2.1, 15.0–15.0.2, and 16.0–16.0.2.1. The issue allows remote attackers to gain privileges via the recency parameter in mod...