RSS   Vulnerabilities for 'Progress'   RSS

2007-05-03
 
CVE-2007-2506

CWE-Other
 

 
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

 
2007-07-15
 
CVE-2007-2417

CWE-Other
 

 
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.

 
2001-11-02
 
CVE-2001-1129

CWE-Other
 

 
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.

 
2001-10-08
 
CVE-2001-1128

CWE-Other
 

 
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.

 
2001-10-05
 
CVE-2001-1127

CWE-Other
 

 
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.

 

 >>> Vendor: Progress 10 Products
Webspeed
Progress
Database
4gl compiler
Webspeed messenger
Openedge
Sitefinity
Kendo ui editor
Sitefinity cms
Fiddler


Copyright 2019, cxsecurity.com

 

Back to Top