Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
telerik vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote malicious user to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in ...
Telerik Radchart
Telerik Ui For Asp.net Ajax -
7.5
CVSSv2
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX up to and including 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Explo...
Telerik Ui For Asp.net Ajax
17 Github repositories
2 Articles
6.8
CVSSv2
CVE-2019-12097
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.
Progress Fiddler 5.0.20182.28034
1 Github repository
5
CVSSv2
CVE-2018-17060
Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote malicious user to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013.
Progress Telerik Extensions For Asp.net Mvc
6.8
CVSSv2
CVE-2018-15122
An issue found in Progress Telerik JustAssembly up to and including 2018.1.323.2 and JustDecompile up to and including 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resou...
Telerik Justdecompile
Telerik Justassembly
7.5
CVSSv2
CVE-2017-11317
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote malicious users to perform arbitrary file uploads or execute arbitrary code.
Telerik Ui For Asp.net Ajax 2017.2.503
Telerik Ui For Asp.net Ajax 2017.2.621
Telerik Ui For Asp.net Ajax
1 EDB exploit
7 Github repositories
7.5
CVSSv2
CVE-2017-11357
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote malicious users to perform arbitrary file uploads or execute arbitrary code.
Telerik Ui For Asp.net Ajax
1 EDB exploit
4 Github repositories
7.5
CVSSv2
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity prior to 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote malicious users to defeat cryptographic pro...
Telerik Ui For Asp.net Ajax
Telerik Sitefinity Cms
1 EDB exploit
17 Github repositories
1 Article
4.3
CVSSv2
CVE-2017-9140
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote malicious users to inject arbitrary web script or HTML via the bgColor parameter to Telerik...
Progress Telerik Reporting
Progress Sitefinity Cms
6.9
CVSSv2
CVE-2015-2264
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library prior to 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) ...
Telerik Analytics Monitor Library
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »