CVE-2017-9248

CRITICAL Year: 2017
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-522
View all →

Vulnerability Description

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.

Related Vulnerabilities

CVE-2000-0944

CRITICAL
CVSS:9.8(Critical)

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without ...

CWE-5222000

CVE-2005-3435

CRITICAL
CVSS:9.8(Critical)

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and sp...

CWE-5222005

CVE-2007-0681

CRITICAL
CVSS:9.8(Critical)

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, vi...

CWE-5222007

CVE-2013-7052

CRITICAL
CVSS:9.8(Critical)

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

CWE-5222013

CVE-2013-7055

CRITICAL
CVSS:9.8(Critical)

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

CWE-5222013

CVE-2014-3445

CRITICAL
CVSS:9.8(Critical)

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis...

CWE-5222014