CVSS: 9.8EPSS: 25%CPEs: 2EXPL: 3CVE-2017-9248 – Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
https://notcve.org/view.php?id=CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. La biblioteca Telerik.Web.UI.dll en la Interfaz de Usuario de Progress Telerik para ASP.NET AJAX anterior a la versión R2 2017 SP1 y Sitefinity anterior a la versión 10.0.6412.0, no protege apropiadamente a Telerik.Web.UI.DialogParametersEncryptionKey o MachineKey, lo que facilita para los atacantes remotos superar los mecanismos de protección criptográfica, conllevando a un perdida de MachineKey, cargas o descargas arbitrarias de archivos, XSS o un compromiso de ViewState de ASP.NET. Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files. • https://www.exploit-db.com/exploits/43873 https://github.com/hlong12042/CVE-2017-9248 https://github.com/ictnamanh/CVE-2017-9248 http://www.securityfocus.com/bid/99965 http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2014-2217
https://notcve.org/view.php?id=CVE-2014-2217
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. Vulnerabilidad de salto en las rutas absolutas en el control RadAsyncUpload en RadControls en Telerik UI de ASP.NET AJAX anterior a Q3 2012 SP2 permite a atacantes remotos escribir en archivos arbitrarios, y consecuentemente ejecutar código arbitrario, a través del nombre de ruta completo en el valor del metadato UploadID • http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •