Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
High
CVE-2019-18935
Disclosure Date: December 11, 2019 (last updated November 08, 2023)
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
5
Attacker Value
Unknown
CVE-2017-11317
Disclosure Date: August 23, 2017 (last updated July 04, 2024)
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
1
Attacker Value
Unknown
CVE-2021-29281
Disclosure Date: July 07, 2022 (last updated October 07, 2023)
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
0
Attacker Value
Unknown
CVE-2021-44029
Disclosure Date: December 22, 2021 (last updated October 07, 2023)
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.
0