66 matches found
Accellion File Transfer Appliance Arbitrary Command Execution Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A security vulnerability exists in Accellion FTA versions prior to FTA91240. A remote attacker can exploit the...
Accellion File Transfer Appliance SQL Injection Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. Accellion FTA A SQL injection vulnerability exists in the home/seos/courier/securitykey2.api file in versions...
Accellion File Transfer Appliance Privilege Gain Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A security vulnerability exists in Accellion FTA versions prior to FTA91240. A local attacker can exploit the...
Accellion File Transfer Appliance Cross-Site Scripting Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A cross-site scripting vulnerability exists in Accellion FTA versions prior to FTA91240. A remote attacker can...
CVE-2016-2353
The Accellion File Transfer Appliance FTA before FTA91240 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors...
CVE-2016-2352
The Accellion File Transfer Appliance FTA before FTA91240 allows remote authenticated users to execute arbitrary commands by leveraging the YUMCLIENT restricted-user role...
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/securitykey2.api on the Accellion File Transfer Appliance FTA before FTA91240 allows remote attackers to execute arbitrary SQL commands via the clientid parameter...
Authentication flaw
The Accellion File Transfer Appliance FTA before FTA91240 allows remote authenticated users to execute arbitrary commands by leveraging the YUMCLIENT restricted-user role...
Sql injection
SQL injection vulnerability in home/seos/courier/securitykey2.api on the Accellion File Transfer Appliance FTA before FTA91240 allows remote attackers to execute arbitrary SQL commands via the clientid parameter...
CVE-2016-2351
CVE-2016-2351 affects the Accellion File Transfer Appliance (FTA) prior to FTA_9_12_40. The vulnerability is an SQL injection in the file path home/seos/courier/security_key2.api that allows a remote attacker to execute arbitrary SQL commands via the client_id parameter, as documented by NVD and ...
Accellion FTA getStatus command injection
Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauthtoken parameter to the getStatus action. Resolution...
Accellion FTA getStatus command injection
Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauthtoken parameter to the getStatus action. Resolution...
Accellion FTA getStatus command injection
Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauthtoken parameter to the getStatus action. Resolution...
Accellion FTA getStatus command injection
Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauthtoken parameter to the getStatus action. Resolution...
Accellion FTA 'statecode' Cookie Arbitrary File Read
This module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'statecode' cookie parameter is appended to a file path that is processed as a HTML template. By prepending this cookie with directory traversal...
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30796/info Accellion File Transfer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Accellion Secure File Transfer Appliance Multiple Command Restriction Weakness Local Privilege Escalation
No description provided by source. source: http://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote...
Accellion File Transfer Appliance Error Report Message - Open Email Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31178/info Accellion File Transfer Appliance is prone to an open-email-relay vulnerability. An attacker could exploit this issue by constructing a script that would send unsolicited spam to an unrestricted amount of email...
Accellion FTA MPIPE2 Command Execution
This module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to...
Accellion File Transfer Appliance MPIPE2 - Command Execution (Metasploit)
$Id: accellionftampipe2.rb 11935 2011-03-11 17:37:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...