CVE-2024-4358 – Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software Telerik Reporting. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Register method. The issue results from the lack of validation of the current installation step.
References:
https://github.com/verylazytech/CVE-2024-4358
https://github.com/RevoltSecurities/CVE-2024-4358
https://github.com/fa-rrel/CVE-2024-4358
https://github.com/sinsinology/CVE-2024-4358
https://github.com/Harydhk7/CVE-2024-4358
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
Weakness: CWE-290: Authentication Bypass by Spoofing
CVE-2021-28141
https://notcve.org/view.php?id=CVE-2021-28141
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability.
References:
https://gist.github.com/shreyasfegade/e2480e26b2ed1d0c7175ecf7cb15f9c1
https://pastebin.com/JULpfvFJ
Weakness: CWE-862: Missing Authorization
CVE-2020-13661
https://notcve.org/view.php?id=CVE-2020-13661
Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.
References:
https://www.nagenrauft-consulting.com/blog
https://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v5.0.20204
https://www.telerik.com/support/whats-new/release-history
CVE-2020-11414
https://notcve.org/view.php?id=CVE-2020-11414
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations.
References:
https://docs.telerik.com/devtools/silverlight/controls/radupload/how-to/secure-upload-file-path
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-19790
https://notcve.org/view.php?id=CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from web.config (its type is Telerik.Web.UI.ChartHttpHandler).
References:
https://docs.telerik.com/devtools/aspnet-ajax/controls/chart/overview
https://www.telerik.com/forums/-620f6977edef
https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')