2 matches found
CVE-2017-11357
CVE-2017-11357 affects Progress Telerik UI for ASP.NET AJAX; RadAsyncUpload input is not properly restricted, enabling remote attackers to upload arbitrary files or trigger code execution. The vulnerability is described as an insecure direct object reference in RadAsyncUpload, with impact stated ...
PT-2017-3938
Name of the Vulnerable Software and Affected Versions Telerik UI for ASP.NET AJAX versions prior to R1 2017 Telerik UI for ASP.NET AJAX R2 versions prior to R2 2017 SP2 Description The issue is related to weak encryption in RadAsyncUpload, which allows remote attackers to perform arbitrary file...