“I cannot provide any further information on the issue,” Luke said. Notes accompanying the exploit script found by Imperva claim the vulnerability was discovered on Aug. 22.

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.

Tenable's script logs into the FileCatalyst Workflow application anonymously and performs an SQL Injection via the 'jobID' parameter to insert a new admin user ('operator') with a known password ...