All the vulnerabilites related to progress - progress
Vulnerability from fkie_nvd
Published
2001-10-05 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
Impacted products
Vendor Product Version
progress progress 8.3d
progress progress 9.1c



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:progress:8.3d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC28C15-BD8D-4231-8118-188AD9445945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:progress:9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C131D075-5A8E-4A09-90B3-228307A40C0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump."
    }
  ],
  "id": "CVE-2001-1127",
  "lastModified": "2024-11-20T23:36:56.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-10-05T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/218833"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3404"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/218833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-15 21:30
Modified
2024-11-21 00:30
Severity ?
Summary
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
References
cve@mitre.orghttp://dvlabs.tippingpoint.com/advisory/TPTI-07-12Patch, Vendor Advisory
cve@mitre.orghttp://osvdb.org/37934
cve@mitre.orghttp://secunia.com/advisories/26058Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/26067Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/473623/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/24675
cve@mitre.orghttp://www.securitytracker.com/id?1018389
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2530
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2531
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35385
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/advisory/TPTI-07-12Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37934
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26058Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26067Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/473623/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24675
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018389
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2530
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2531
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35385
Impacted products
Vendor Product Version
rsa securid 2.0
progress openedge 10.1a
progress openedge 10.1b
progress progress 9.1e
rsa ace_server 5.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rsa:securid:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "736234F7-AEB8-4623-B44A-3B7EEC4D1D55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:openedge:10.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "C637AD8D-C3A3-4815-A0A0-12581270E384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:openedge:10.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F1126D-D2EE-4D4B-AA40-11300B590C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC44608-A273-4EA8-9A60-CA10903AE0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rsa:ace_server:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8FA6FD-A5F1-442F-A1AB-89F77398895C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets.  NOTE: this issue might overlap CVE-2007-3491."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en _mprosrv.exe de Progress Software Progress 9.1E y OpenEdge 10.1.x, como se usan en RSA Authentication Manager 6.0 y 6.1, SecurID Appliance 2.0, ACE/Server 5.2, y posiblemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes manipulados. NOTA: este problema podr\u00eda solaparse con CVE-2007-3491."
    }
  ],
  "id": "CVE-2007-2417",
  "lastModified": "2024-11-21T00:30:44.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-15T21:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37934"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26058"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26067"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473623/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24675"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018389"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2530"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2531"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473623/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35385"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-05-04 01:19
Modified
2024-11-21 00:30
Severity ?
Summary
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Impacted products
Vendor Product Version
progress progress 9.1e
progress webspeed 3.0
progress webspeed 3.1a
progress webspeed 3.1d
progress webspeed 3.1e



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:progress:9.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC44608-A273-4EA8-9A60-CA10903AE0A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:webspeed:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA5B493-3BB1-4847-8055-15B93171EC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:webspeed:3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE71387-6ED3-4560-89AC-2E95BCE4A0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:webspeed:3.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3762BC5-B7B1-467F-BD7B-A167CF8EFEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:webspeed:3.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "903C177E-A627-4A28-8AF4-C10B668B9D15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."
    },
    {
      "lang": "es",
      "value": "WebSpeed 3.x de OpenEdge 10.x en Progress Software Progress 9.1e, y otras versiones concretas 9.x, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito y congelaci\u00f3n de demonio) mediante una URL de mensajero que invoca _edit.r sin par\u00e1metros adicionales, como demuestra realizando peticiones de cgiip.exe \u00f3 wsisa.dll con WService=wsbroker1/_edit.r en PATH_INFO."
    }
  ],
  "id": "CVE-2007-2506",
  "lastModified": "2024-11-21T00:30:57.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-04T01:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35541"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ishare.nl/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ishare.nl/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23778"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-11-02 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
Impacted products
Vendor Product Version
progress progress 9.1c



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:progress:9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C131D075-5A8E-4A09-90B3-228307A40C0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable."
    }
  ],
  "id": "CVE-2001-1129",
  "lastModified": "2024-11-20T23:36:56.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-11-02T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/224395"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3502"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/224395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7457"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-10-08 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
Impacted products
Vendor Product Version
progress progress 8.3d
progress progress 9.1c



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:progress:8.3d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC28C15-BD8D-4231-8118-188AD9445945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:progress:9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C131D075-5A8E-4A09-90B3-228307A40C0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables."
    }
  ],
  "id": "CVE-2001-1128",
  "lastModified": "2024-11-20T23:36:56.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-10-08T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/219174"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3414"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/219174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2001-1128
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
References
http://www.securityfocus.com/bid/3414vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/7264vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/219174mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3414"
          },
          {
            "name": "progress-protermcap-bo(7264)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
          },
          {
            "name": "20011008 Progress TERM (protermcap) overflows and PROMSGS overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/219174"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3414"
        },
        {
          "name": "progress-protermcap-bo(7264)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
        },
        {
          "name": "20011008 Progress TERM (protermcap) overflows and PROMSGS overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/219174"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3414"
            },
            {
              "name": "progress-protermcap-bo(7264)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7264"
            },
            {
              "name": "20011008 Progress TERM (protermcap) overflows and PROMSGS overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/219174"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1128",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1129
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/7457vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/224395mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/3502vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "progress-promsgs-format-string(7457)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7457"
          },
          {
            "name": "20011102 Progres Databse PROMSGS Format strings issue.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/224395"
          },
          {
            "name": "3502",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "progress-promsgs-format-string(7457)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7457"
        },
        {
          "name": "20011102 Progres Databse PROMSGS Format strings issue.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/224395"
        },
        {
          "name": "3502",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3502"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "progress-promsgs-format-string(7457)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7457"
            },
            {
              "name": "20011102 Progres Databse PROMSGS Format strings issue.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/224395"
            },
            {
              "name": "3502",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3502"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1129",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2417
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 13:33
Severity ?
Summary
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
References
http://www.vupen.com/english/advisories/2007/2530vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/473623/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/2531vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26067third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26058third-party-advisory, x_refsource_SECUNIA
http://dvlabs.tippingpoint.com/advisory/TPTI-07-12x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/35385vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1018389vdb-entry, x_refsource_SECTRACK
http://osvdb.org/37934vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/24675vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:29.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2530",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2530"
          },
          {
            "name": "20070713 TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473623/100/0/threaded"
          },
          {
            "name": "ADV-2007-2531",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2531"
          },
          {
            "name": "26067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26067"
          },
          {
            "name": "26058",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26058"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12"
          },
          {
            "name": "multiple-progress-server-bo(35385)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35385"
          },
          {
            "name": "1018389",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018389"
          },
          {
            "name": "37934",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37934"
          },
          {
            "name": "24675",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24675"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets.  NOTE: this issue might overlap CVE-2007-3491."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2530",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2530"
        },
        {
          "name": "20070713 TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473623/100/0/threaded"
        },
        {
          "name": "ADV-2007-2531",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2531"
        },
        {
          "name": "26067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26067"
        },
        {
          "name": "26058",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26058"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12"
        },
        {
          "name": "multiple-progress-server-bo(35385)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35385"
        },
        {
          "name": "1018389",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018389"
        },
        {
          "name": "37934",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37934"
        },
        {
          "name": "24675",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24675"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets.  NOTE: this issue might overlap CVE-2007-3491."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2530",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2530"
            },
            {
              "name": "20070713 TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473623/100/0/threaded"
            },
            {
              "name": "ADV-2007-2531",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2531"
            },
            {
              "name": "26067",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26067"
            },
            {
              "name": "26058",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26058"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-12"
            },
            {
              "name": "multiple-progress-server-bo(35385)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35385"
            },
            {
              "name": "1018389",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018389"
            },
            {
              "name": "37934",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37934"
            },
            {
              "name": "24675",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24675"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2417",
    "datePublished": "2007-07-15T21:00:00",
    "dateReserved": "2007-05-01T00:00:00",
    "dateUpdated": "2024-08-07T13:33:29.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1127
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
Summary
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
References
http://www.securityfocus.com/archive/1/218833mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/3404vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/7236vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:07.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20011005 Progress Database vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/218833"
          },
          {
            "name": "3404",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3404"
          },
          {
            "name": "progress-strcpy-bo(7236)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20011005 Progress Database vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/218833"
        },
        {
          "name": "3404",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3404"
        },
        {
          "name": "progress-strcpy-bo(7236)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20011005 Progress Database vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/218833"
            },
            {
              "name": "3404",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3404"
            },
            {
              "name": "progress-strcpy-bo(7236)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1127",
    "datePublished": "2002-03-15T05:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:07.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2506
Vulnerability from cvelistv5
Published
2007-05-04 01:00
Modified
2024-08-07 13:42
Severity ?
Summary
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694"
          },
          {
            "name": "23778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23778"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ishare.nl/"
          },
          {
            "name": "20070502 response Progress: Denial of Service attack against WebSpeed possible",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
          },
          {
            "name": "35541",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35541"
          },
          {
            "name": "20070501 Disable website access for sites running Webspeed",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
          },
          {
            "name": "25129",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25129"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694"
        },
        {
          "name": "23778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23778"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ishare.nl/"
        },
        {
          "name": "20070502 response Progress: Denial of Service attack against WebSpeed possible",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
        },
        {
          "name": "35541",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35541"
        },
        {
          "name": "20070501 Disable website access for sites running Webspeed",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
        },
        {
          "name": "25129",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25129"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694",
              "refsource": "CONFIRM",
              "url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115\u0026docType=1006\u0026clusterName=CombinedCluster\u0026contentId=12\u0026groupId=3\u0026answerGroup=1\u0026score=1932\u0026page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml\u0026result=0\u0026excerpt=P123694"
            },
            {
              "name": "23778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23778"
            },
            {
              "name": "http://www.ishare.nl/",
              "refsource": "MISC",
              "url": "http://www.ishare.nl/"
            },
            {
              "name": "20070502 response Progress: Denial of Service attack against WebSpeed possible",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
            },
            {
              "name": "35541",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35541"
            },
            {
              "name": "20070501 Disable website access for sites running Webspeed",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
            },
            {
              "name": "25129",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25129"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2506",
    "datePublished": "2007-05-04T01:00:00",
    "dateReserved": "2007-05-03T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}