Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
High
CVE-2019-18935
Disclosure Date: December 11, 2019 (last updated November 08, 2023)
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
5
Attacker Value
Unknown
CVE-2021-44029
Disclosure Date: December 22, 2021 (last updated October 07, 2023)
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.
0
Attacker Value
Unknown
CVE-2017-11357
Disclosure Date: August 23, 2017 (last updated June 29, 2024)
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
0