The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Telerik.Web.UI

Computer vulnerability announcement CVE-2017-11357

Telerik UI for ASP.NET AJAX: file upload via Direct Object Reference

Synthesis of the vulnerability

An attacker can upload a malicious file via RadAsyncUpload on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.
Impacted products: Performance Center, Telerik.Web.UI.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/08/2017.
Identifiers: CVE-2017-11357, VIGILANCE-VUL-23607.

Description of the vulnerability

The Telerik UI for ASP.NET AJAX product offers a web service.

It can be used to upload a file. However, this file can be uploaded to an arbitrary directory on the server, and then executed.

An attacker can therefore upload a malicious file via Direct Object Reference on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.

Computer vulnerability alert CVE-2017-11317

Telerik UI for ASP.NET AJAX: file upload via RadAsyncUpload

Synthesis of the vulnerability

An attacker can upload a malicious file on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.
Impacted products: Telerik.Web.UI.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/08/2017.
Identifiers: CVE-2017-11317, VIGILANCE-VUL-23606.

Description of the vulnerability

The Telerik UI for ASP.NET AJAX product offers a web service.

It can be used to upload a file. However, this file can be uploaded to an arbitrary directory on the server, and then executed.

An attacker can therefore upload a malicious file on Telerik UI for ASP.NET AJAX, for example to upload a Trojan.

Computer vulnerability announcement CVE-2017-9248

Telerik UI for ASP.NET AJAX: cryptographic keys disclosure

Synthesis of the vulnerability

An attacker can exploit a misuse of cryptographic tools in Telerik UI for ASP.NET AJAX to obtain secret keys.
Impacted products: Telerik.Web.UI.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/07/2017.
Identifiers: CVE-2017-9248, VIGILANCE-VUL-23127, VU#838200.

Description of the vulnerability

An attacker can exploit a misuse of cryptographic tools in Telerik UI for ASP.NET AJAX to obtain secret keys.