Page 3 of 12 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x y 10.x permite que los atacantes remotos omitan la autenticación y que provoquen una denegación de servicio (DoS) en consecuencia en las páginas con carga balanceada o obtengan privilegios mediante vectores relacionados con una criptografía débil. • https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883 https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 25%CPEs: 2EXPL: 3

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. La biblioteca Telerik.Web.UI.dll en la Interfaz de Usuario de Progress Telerik para ASP.NET AJAX anterior a la versión R2 2017 SP1 y Sitefinity anterior a la versión 10.0.6412.0, no protege apropiadamente a Telerik.Web.UI.DialogParametersEncryptionKey o MachineKey, lo que facilita para los atacantes remotos superar los mecanismos de protección criptográfica, conllevando a un perdida de MachineKey, cargas o descargas arbitrarias de archivos, XSS o un compromiso de ViewState de ASP.NET. Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files. • https://www.exploit-db.com/exploits/43873 https://github.com/hlong12042/CVE-2017-9248 https://github.com/ictnamanh/CVE-2017-9248 http://www.securityfocus.com/bid/99965 http://www.telerik.com/blogs/security-alert-for-telerik-ui-for-asp.net-ajax-and-progress-sitefinity http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness • CWE-522: Insufficiently Protected Credentials •