Filtered by vendor Progress
Subscriptions
Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0798 | 1 Progress | 1 Whatsup Gold | 2025-04-03 | N/A |
| Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter. | ||||
| CVE-2004-0799 | 2 Ipswitch, Progress | 2 Whatsup Gold, Whatsup Gold | 2025-04-03 | N/A |
| The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". | ||||
| CVE-2003-0772 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | N/A |
| Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | ||||
| CVE-2003-0449 | 1 Progress | 1 Database | 2025-04-03 | N/A |
| Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent. | ||||
| CVE-2003-0485 | 1 Progress | 1 4gl Compiler | 2025-04-03 | N/A |
| Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type. | ||||
| CVE-2002-0826 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | N/A |
| Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | ||||
| CVE-2001-1021 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | N/A |
| Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | ||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2025-04-03 | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | ||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2025-04-03 | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | ||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2025-04-03 | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | ||||
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2025-04-03 | N/A |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | ||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2025-04-03 | N/A |
| IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | ||||
| CVE-1999-1171 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2025-04-03 | N/A |
| IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | ||||
| CVE-2023-24029 | 1 Progress | 1 Ws Ftp Server | 2025-03-26 | 7.2 High |
| In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | ||||
| CVE-2024-4885 | 1 Progress | 1 Whatsup Gold | 2025-03-04 | 9.8 Critical |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | ||||
| CVE-2023-42660 | 1 Progress | 1 Moveit Transfer | 2025-02-27 | 8.8 High |
| In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. | ||||
| CVE-2023-40043 | 1 Progress | 1 Moveit Transfer | 2025-02-27 | 7.2 High |
| In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content. | ||||
| CVE-2024-6097 | 1 Progress | 1 Telerik Reporting | 2025-02-24 | 5.3 Medium |
| In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | ||||
| CVE-2025-0556 | 1 Progress | 1 Telerik Report Server | 2025-02-20 | 8.8 High |
| In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | ||||
| CVE-2024-11343 | 1 Progress | 1 Telerik Document Processing Libraries | 2025-02-20 | 8.3 High |
| In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | ||||