Filtered by vendor Progress
Subscribe
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17054 | 1 Progress | 1 Sitefinity Cms | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. | |||||
| CVE-2018-17056 | 1 Progress | 1 Sitefinity Cms | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3491 | 1 Progress | 1 Openedge | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | |||||
| CVE-2007-2506 | 1 Progress | 2 Progress, Webspeed | 2018-10-16 | 7.8 HIGH | N/A |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | |||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2018-10-16 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | |||||
| CVE-2007-2266 | 1 Progress | 1 Webspeed Messenger | 2018-10-16 | 10.0 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | |||||
| CVE-2017-18179 | 1 Progress | 1 Sitefinity | 2018-03-05 | 6.5 MEDIUM | 8.8 HIGH |
| Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. | |||||
| CVE-2017-18178 | 1 Progress | 1 Sitefinity | 2018-03-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | |||||
| CVE-2017-18175 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | |||||
| CVE-2017-18177 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. | |||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | |||||
| CVE-2017-15883 | 1 Progress | 1 Sitefinity | 2018-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2017-12-18 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2017-12-18 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2017-12-18 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2017-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
| CVE-2003-0485 | 1 Progress | 1 4gl Compiler | 2016-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type. | |||||
| CVE-2003-0449 | 1 Progress | 1 Database | 2016-10-17 | 4.6 MEDIUM | N/A |
| Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent. | |||||
| CVE-2014-8555 | 1 Progress | 1 Openedge | 2015-10-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||||
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2008-09-10 | 7.5 HIGH | N/A |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | |||||