Product
Progress WhatsUp Gold
178 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
| CVE | Affected versions | Description |
| --- | --- | --- |
| CVE-2026-7313 | >= 8.0.5700 and < 13.3.7652 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a |
| CVE-2026-7312 | >= 14.0.7700 and < 14.4.8152 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15 |
| CVE-2026-7201 | >= 15.2.8400 and < 15.2.8441 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x b |
| CVE-2026-7198 | >= 15.4.8623 and < 15.4.8630 | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated |
| CVE-2026-7195 | >= 14.1.7800 and < 14.4.8152 | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x be |
| CVE-2026-8488 | < 2025.0.11 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocat |
| CVE-2026-8487 | < 2025.0.11 | Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This |
| CVE-2026-8486 | < 2025.0.11 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This i |
| CVE-2026-8485 | < 2025.0.11 | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affec |
| CVE-2026-5174 | < 2024.1.8 | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MO |
| CVE-2026-4670 | < 2024.1.8 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This |
| CVE-2026-4048 | < 7.2.63.1 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “A |
| CVE-2026-3519 | < 7.2.63.1 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “ |
| CVE-2026-3518 | < 7.2.63.1 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “ |
| CVE-2026-3517 | < 7.2.63.1 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “ |
| CVE-2025-13447 | < 7.2.62.2 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “Us |
| CVE-2025-13444 | < 7.2.62.2 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “Us |
| CVE-2025-11235 | >= 2022.0.0 and < 2022.0.10 | Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules). This issue affects MOVEit Trans |
| CVE-2025-13147 | < 2024.1.8 | Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, |
| CVE-2025-2572 | < 24.0.3 | In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to |
| CVE-2025-2324 | >= 2023.1.0 and < 2023.1.12 | Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allo |
| CVE-2024-6097 | < 19.0.25.211 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat ac |
| CVE-2024-11627 | >= 4.0 and < 14.4.8143 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: fr |
| CVE-2024-11626 | >= 4.0 and < 14.4.8143 | Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vu |
| CVE-2024-11625 | >= 4.0 and < 14.4.8143 | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefin |
| CVE-2024-12108 | >= 23.1.0 and < 24.0.2 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. |
| CVE-2024-12106 | >= 23.1.0 and < 24.0.2 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. |
| CVE-2024-12105 | >= 23.1.0 and < 24.0.2 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead t |
| CVE-2024-8785 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change |
| CVE-2024-46909 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute |
| CVE-2024-46908 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l |
| CVE-2024-46907 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l |
| CVE-2024-46906 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l |
| CVE-2024-46905 | < 24.0.1 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at |
| CVE-2024-7763 | < 24.0 | In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain enc |
| CVE-2024-8048 | < 18.2.24.924 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection |
| CVE-2024-8014 | < 18.2.24.924 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injectio |
| CVE-2024-7840 | <= 18.2.24.924 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neu |
| CVE-2024-7294 | < 10.2.24.806 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoin |
| CVE-2024-7293 | < 10.2.24.806 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through |
| CVE-2024-7654 | <= 11.7.19 | An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery fea |
| CVE-2024-7346 | <= 11.7.19 | Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS |
| CVE-2024-7345 | <= 11.7.18 | Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Mul |
| CVE-2024-6672 | < 24.0 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker t |
| CVE-2024-6671 | >= 23.1.0 and < 24.0 | In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulne |
| CVE-2024-6670 | < 24.0 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve t |
| CVE-2024-7745 | < 8.8.8 | In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Modu |
| CVE-2024-7744 | < 8.8.8 | In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal |
| CVE-2024-6576 | >= 2023.0.0 and < 2023.0.12 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation. This issue affect |
| CVE-2024-6096 | < 18.1.24.709 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via |
| CVE-2024-5019 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Cont |
| CVE-2024-5018 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Control |
| CVE-2024-5017 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTT |
| CVE-2024-5016 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization |
| CVE-2024-5015 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionCon |
| CVE-2024-5014 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature |
| CVE-2024-5013 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unaut |
| CVE-2024-5012 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. |
| CVE-2024-5011 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted |
| CVE-2024-5010 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially craft |
| CVE-2024-5009 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallControll |
| CVE-2024-5008 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file a |
| CVE-2024-4885 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold |
| CVE-2024-4884 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold |
| CVE-2024-4883 | < 23.1.3 | In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerabili |
| CVE-2024-5806 | >= 2023.0.0 and < 2023.0.11 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affec |
| CVE-2023-27636 | < 15.0.0 | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. |
| CVE-2024-4563 | < 2024.0.0 | The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit l |
| CVE-2024-4357 | < 10.1.24.514 | An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows |
| CVE-2024-4202 | < 18.1.24.514 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure |
| CVE-2024-4200 | < 18.1.24.514 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat |
| CVE-2024-4562 | < 23.1.2 | In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Mo |
| CVE-2024-4561 | < 23.1.2 | In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that a |
| CVE-2024-3544 | >= 7.2.55.0 and < 7.2.59.4 | Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same net |
| CVE-2024-3543 | >= 7.2.55.0 and < 7.2.59.4 | Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unenc |
| CVE-2024-2449 | >= 7.2.55.0 and < 7.2.59.3 | A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prio |
| CVE-2024-2448 | >= 7.2.55.0 and < 7.2.59.3 | An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings m |
| CVE-2024-2291 | < 2022.0.11 | In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4 |
| CVE-2024-1856 | < 18.0.24.130 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat |
| CVE-2024-1801 | < 18.0.24.130 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat a |
| CVE-2024-1636 | < 13.3.7649 | Potential Cross-Site Scripting (XSS) in the page editing area. |
| CVE-2024-1632 | < 13.3.7649 | Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. |
| CVE-2024-1403 | < 11.7.19 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge pr |
| CVE-2024-1212 | >= 7.2.48.1 and < 7.2.48.10 | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system comm |
| CVE-2024-1474 | < 8.8.5 | In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs |
| CVE-2024-0832 | < 18.0.24.130 | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications instal |
| CVE-2023-40052 | >= 11.7 and < 11.7.18 | This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and in |
| CVE-2023-40051 | >= 11.7 and < 11.7.18 | This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and in |
| CVE-2024-0396 | < 2022.0.10 | In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3 |
| CVE-2023-6784 | >= 4.0 and < 13.3.7648 | A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. |
| CVE-2023-6595 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possib |
| CVE-2023-6368 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possib |
| CVE-2023-6367 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos |
| CVE-2023-6366 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos |
| CVE-2023-6365 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos |
| CVE-2023-6364 | < 23.1.0 | In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is po |
| CVE-2023-6218 | <= 2021.1.0 | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escala |
| CVE-2023-6217 | <= 2021.1.0 | In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross |
| CVE-2023-42659 | < 8.7.6 | In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc |
| CVE-2023-42657 | < 8.7.4 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could levera |
| CVE-2023-40049 | < 8.8.2 | In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory list |
| CVE-2023-40048 | < 8.8.2 | In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) prote |
| CVE-2023-40047 | < 8.8.2 | In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management m |
| CVE-2023-40046 | < 8.7.4 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. |
| CVE-2023-40045 | < 8.7.4 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server |
| CVE-2023-40044 | < 8.7.4 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerabili |
| CVE-2023-42660 | < 2021.1.8 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a |
| CVE-2023-42656 | < 2021.1.8 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a |
| CVE-2023-40043 | < 2021.1.8 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a |
| CVE-2023-36934 | < 12.1.11 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8) |
| CVE-2023-36933 | < 2020.1.11 | In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0. |
| CVE-2023-36932 | < 2020.1.11 | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8) |
| CVE-2023-35759 | < 23.0.0 | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This c |
| CVE-2023-34203 | < 11.7.16 | In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role |
| CVE-2023-35708 | < 2020.1.10 | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0. |
| CVE-2023-35036 | < 2021.0.7 | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0. |
| CVE-2023-34362 | < 2021.0.7 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0. |
| CVE-2023-29376 | >= 13.3 and < 13.3.7646 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14 |
| CVE-2023-29375 | >= 13.3 and < 13.3.7646 | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14 |
| CVE-2022-27665 | all versions | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to executi |
| CVE-2023-24029 | < 8.8 | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative i |
| CVE-2022-42711 | < 22.1.0 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. Thi |
| CVE-2022-29848 | >= 17.0.0 and <= 21.1.1 | In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API tra |
| CVE-2022-29847 | >= 21.0.0 and <= 21.1.1 | In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an A |
| CVE-2022-29846 | >= 16.1 and <= 21.1.1 | In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the Wh |
| CVE-2022-29845 | all versions | In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API tra |
| CVE-2022-29849 | >= 11.7 and < 11.7.14 | In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible |
| CVE-2021-38159 | < 2019.0.8 | In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application co |
| CVE-2021-37614 | < 2019.0.7 | In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVEit Transfer web application co |
| CVE-2021-33894 | < 2019.0.6 | In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x |
| CVE-2021-31827 | < 2021.0 | In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that |
| CVE-2020-28647 | < 2020.1 | In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim wi |
| CVE-2020-12677 | >= 2018.0 and < 2018.0.3 | An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize ma |
| CVE-2020-8612 | >= 2019.2 and < 2019.2.1 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize m |
| CVE-2020-8611 | >= 2019.2 and < 2019.2.1 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been fo |
| CVE-2019-17392 | >= 9.1 and < 9.1.6185 | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandle |
| CVE-2019-12143 | < 8.6.1 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker c |
| CVE-2019-7215 | >= 7.0 and < 7.0.5143 | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the br |
| CVE-2018-17055 | >= 4.0 and <= 11.0 | An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. |
| CVE-2018-8939 | < 18.0 | An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially craft |
| CVE-2018-8938 | < 18.0 | A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can in |
| CVE-2017-18179 | all versions | Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change o |
| CVE-2017-18178 | all versions | Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection |
| CVE-2017-18177 | all versions | Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10 |
| CVE-2017-18176 | all versions | Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's |
| CVE-2017-18175 | all versions | Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by |
| CVE-2018-5778 | < 17.1.1 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present |
| CVE-2018-5777 | < 17.1.1 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfigur |
| CVE-2017-15883 | all versions | Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause |
| CVE-2015-9245 | all versions | Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arb |
| CVE-2017-9248 | < 10.0.6412.0 | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly |
| CVE-2017-9140 | < 11.0.17.406 | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Vie |
| CVE-2016-1000000 | <= 16.4 | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
| CVE-2015-8261 | all versions | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objec |
| CVE-2015-6005 | <= 16.3 | Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrar |
| CVE-2015-6004 | <= 16.3 | Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL comman |
| CVE-2014-8555 | all versions | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to rea |
| CVE-2012-4344 | all versions | Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or |
| CVE-2012-2601 | all versions | SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQ |
| CVE-2008-0590 | all versions | Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) |
| CVE-2007-2417 | all versions | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authenticatio |
| CVE-2007-3491 | all versions | Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to hav |
| CVE-2007-2602 | all versions | Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or e |
| CVE-2006-5001 | <= 5.05 | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prev |
| CVE-2006-5000 | all versions | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and |
| CVE-2006-4847 | <= 5.05 | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary cod |
| CVE-2004-1885 | all versions | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command t |
| CVE-2004-1883 | all versions | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causin |
| CVE-2004-1848 | all versions | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrict |
| CVE-2004-0799 | all versions | The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash |
| CVE-2004-0798 | all versions | Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute ar |
| CVE-2004-1643 | all versions | WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an in |
| CVE-2004-1884 | all versions | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain a |
| CVE-2003-0772 | all versions | Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arb |
| CVE-2002-0826 | all versions | Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD comman |
| CVE-2001-1021 | all versions | Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLS |
| CVE-1999-1171 | all versions | IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry k |
| CVE-1999-1170 | all versions | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry ke |