Lucene search
K

44 matches found

CNVD
CNVD
added 2017/08/24 12:0 a.m.9 views

Progress Telerik UI for ASP.NET AJAX Arbitrary File Upload Vulnerability

ASP.NET AJAX is a control for ASP.NET. Progress Telerik UI is a UI user interface for ASP.NET controls that handle AJAX, developed by Telerik USA. A security vulnerability exists in versions of Progress Telerik UI for ASP.NET AJAX prior to R2 2017 SP2, which stems from the program failing to...

9.8CVSS9.8AI score0.75709EPSS
Exploits5References1
OSV
OSV
added 2017/08/23 5:29 p.m.4 views

CVE-2017-11357

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

9.8CVSS6AI score0.75709EPSS
Exploits5References3
OSV
OSV
added 2017/08/23 5:29 p.m.2 views

CVE-2017-11317

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

9.8CVSS6AI score0.83476EPSS
Exploits8References5
CVE
CVE
added 2014/12/25 9:0 p.m.95 views

CVE-2014-2217

CVE-2014-2217 describes an absolute path traversal in the RadAsyncUpload control of Telerik UI for ASP.NET AJAX, affecting versions before Q3 2012 SP2. An attacker can supply a full pathname in the UploadID metadata to write arbitrary files on the server and potentially execute arbitrary code. Th...

7.5CVSS9.6AI score0.0372EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder