| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. |
| In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes. |
| A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session. |
| In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.
Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.
This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access. |
| Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.
When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters. |
| In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. |
| It was possible to perform Remote Command Execution (RCE) via Java
RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and
execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration
property with inadequate input validation leading to OS command injection. |
| Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. |
| Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above |
| Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2. |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.0 (inclusive)
From 7.2.49.0 to 7.2.54.11 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.11 and all prior versions
ECS
All prior versions to 7.2.60.0 (inclusive) |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive) |
| Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. |
| Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. |
| : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. |
