The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Telerik UI for ASP.NET AJAX

vulnerability note CVE-2018-17060

Telerik Extensions for ASP.NET MVC: file reading

Synthesis of the vulnerability

A local attacker can read a file of Telerik Extensions for ASP.NET MVC, in order to obtain sensitive information.
Impacted products: Telerik.Web.UI.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/10/2018.
Identifiers: CVE-2018-17060, VIGILANCE-VUL-27444.

Description of the vulnerability

A local attacker can read a file of Telerik Extensions for ASP.NET MVC, in order to obtain sensitive information.

computer vulnerability alert 25106

Telerik UI for ASP.NET AJAX: vulnerability via FileExplorer

Synthesis of the vulnerability

A vulnerability via FileExplorer of Telerik UI for ASP.NET AJAX was announced.
Impacted products: Telerik.Web.UI.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 18/01/2018.
Identifiers: VIGILANCE-VUL-25106.

Description of the vulnerability

A vulnerability via FileExplorer of Telerik UI for ASP.NET AJAX was announced.

computer vulnerability announcement CVE-2017-11357

Telerik UI for ASP.NET AJAX: file upload via Direct Object Reference

Synthesis of the vulnerability

An attacker can upload a malicious file via RadAsyncUpload on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.
Impacted products: Performance Center, Telerik.Web.UI.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/08/2017.
Identifiers: CVE-2017-11357, VIGILANCE-VUL-23607.

Description of the vulnerability

The Telerik UI for ASP.NET AJAX product offers a web service.

It can be used to upload a file. However, this file can be uploaded to an arbitrary directory on the server, and then executed.

An attacker can therefore upload a malicious file via Direct Object Reference on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.

computer vulnerability alert CVE-2017-11317

Telerik UI for ASP.NET AJAX: file upload via RadAsyncUpload

Synthesis of the vulnerability

An attacker can upload a malicious file on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.
Impacted products: Telerik.Web.UI.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/08/2017.
Identifiers: CVE-2017-11317, VIGILANCE-VUL-23606.

Description of the vulnerability

The Telerik UI for ASP.NET AJAX product offers a web service.

It can be used to upload a file. However, this file can be uploaded to an arbitrary directory on the server, and then executed.

An attacker can therefore upload a malicious file on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.

computer vulnerability announcement CVE-2017-9248

Telerik UI for ASP.NET AJAX: cryptographic keys disclosure

Synthesis of the vulnerability

An attacker can exploit a misuse of cryptographic tools in Telerik UI for ASP.NET AJAX, in order to get secret keys.
Impacted products: Telerik.Web.UI.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/07/2017.
Identifiers: CVE-2017-9248, VIGILANCE-VUL-23127, VU#838200.

Description of the vulnerability

An attacker can exploit a misuse of cryptographic tools in Telerik UI for ASP.NET AJAX, in order to get secret keys.