CVE-2014-2217
Published 2014-12-25
Priority P3 · 46 · high · 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.72% (88.4th percentile)
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gfi | archiver | < 15.2 | 15.2 |
| progress | telerik_ui_for_asp.net_ajax | <= 2014.3.1209 | — |
GHSA
GHSA-gxxx-8rjm-vqf3: File upload vulnerability in GFI Mail Archiver versions up to and including 15
ghsa_unreviewed·2022-07-08·CVSS 7.5
CVE-2021-29281 [HIGH] CWE-434 GHSA-gxxx-8rjm-vqf3: File upload vulnerability in GFI Mail Archiver versions up to and including 15
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
GHSA
GHSA-8wc5-2r9c-cj2g: Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP
ghsa_unreviewed·2022-05-17
CVE-2014-2217 [HIGH] CWE-22 GHSA-8wc5-2r9c-cj2g: Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.
CISA ICS
Hitachi ABB Power Grids eSOMS Telerik
cisa_ics·2021-03-18·CVSS 9.8
[CRITICAL] Hitachi ABB Power Grids eSOMS Telerik
ICS Advisory
## Hitachi ABB Power Grids eSOMS Telerik
Last Revised: March 18, 2021
Alert Code: ICSA-21-077-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Hitachi ABB Power Grids
- Equipment: eSOMS Telerik
- Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Improper Input Validation, Inadequate Encryption Strength, Insufficiently Protected Credentials, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to upload malicious files to the server, discover se
No detection rules found.
No public exploits indexed.
Tenable
GFI Archiver v15.7 Multiple vulnerabilities
blogs_tenable·2025-06-10
GFI Archiver v15.7 Multiple vulnerabilities
Tenable
Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)
blogs_tenable·2020-07-22·CVSS 9.8
[CRITICAL] Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)