Filtered by vendor Progress Subscriptions
Total 201 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-0798 1 Progress 1 Whatsup Gold 2025-04-03 N/A
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
CVE-2004-0799 2 Ipswitch, Progress 2 Whatsup Gold, Whatsup Gold 2025-04-03 N/A
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
CVE-2003-0772 2 Ipswitch, Progress 2 Ws Ftp Server, Ws Ftp Server 2025-04-03 N/A
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
CVE-2003-0449 1 Progress 1 Database 2025-04-03 N/A
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
CVE-2003-0485 1 Progress 1 4gl Compiler 2025-04-03 N/A
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
CVE-2002-0826 1 Progress 1 Ws Ftp Server 2025-04-03 N/A
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
CVE-2001-1021 1 Progress 1 Ws Ftp Server 2025-04-03 N/A
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
CVE-2001-1127 1 Progress 1 Progress 2025-04-03 N/A
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
CVE-2001-1128 1 Progress 1 Progress 2025-04-03 N/A
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
CVE-2001-1129 1 Progress 1 Progress 2025-04-03 N/A
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
CVE-2000-0127 1 Progress 1 Webspeed 2025-04-03 N/A
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
CVE-1999-1170 2 Ipswitch, Progress 2 Imail, Ws Ftp Server 2025-04-03 N/A
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-1999-1171 2 Ipswitch, Progress 2 Imail, Ws Ftp Server 2025-04-03 N/A
IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-2023-24029 1 Progress 1 Ws Ftp Server 2025-03-26 7.2 High
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
CVE-2024-4885 1 Progress 1 Whatsup Gold 2025-03-04 9.8 Critical
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
CVE-2023-42660 1 Progress 1 Moveit Transfer 2025-02-27 8.8 High
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content.
CVE-2023-40043 1 Progress 1 Moveit Transfer 2025-02-27 7.2 High
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.
CVE-2024-6097 1 Progress 1 Telerik Reporting 2025-02-24 5.3 Medium
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
CVE-2025-0556 1 Progress 1 Telerik Report Server 2025-02-20 8.8 High
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
CVE-2024-11343 1 Progress 1 Telerik Document Processing Libraries 2025-02-20 8.3 High
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.