40 matches found
Accellion Kiteworks 安全漏洞
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
Accellion kiteworks authentication bypass vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An authentication bypass vulnerability exists in versions of Accellion kiteworks prior to 2017.01.00. A remote attacker could exploit the vulnerability by...
CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...
CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...
CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...
Accellion Kiteworks Elevation of Privilege Vulnerability
Accellion Kiteworks is the leading private cloud platform for secure content. An elevation of privilege vulnerability exists in Accellion Kiteworks that allows authenticated KiteWorks users to elevate privileges...
Accellion Kiteworks Cross-Site Scripting Vulnerability
Accellion Kiteworks is the leading private cloud platform for secure content. A cross-site scripting vulnerability exists in versions of Accellion Kiteworks prior to 2016.03.00 due to the program failing to properly filter user-supplied parameters. Allowing an attacker to exploit the vulnerabilit...
Accellion Kiteworks Security Bypass Vulnerability
Accellion Kiteworks is the leading private cloud platform for secure content. A security bypass vulnerability exists in Accellion Kiteworks version 2016.03.00, which allows attackers to bypass security restrictions and perform unauthorized operations...
CVE-2016-5664
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...
CVE-2016-5663
Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...
CVE-2016-5663
Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...
CVE-2016-5662
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...
Directory traversal
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...
CVE-2016-5663
Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...
CVE-2016-5664
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...
CVE-2016-5662
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...
CVE-2016-5663
The CVE-2016-5663 entry relates to multiple cross-site scripting (XSS) flaws in oauth_callback.php on Accellion Kiteworks appliances prior to kw2016.03.00. The root cause is improper neutralization/validation of user-supplied input, allowing an unauthenticated remote attacker to inject scripts vi...
CVE-2016-5664
CVE-2016-5664 affects Accellion Kiteworks appliances prior to kw2016.03.00. The vulnerability is a directory traversal flaw that allows an unauthenticated remote attacker to read files outside the webroot via a crafted URI. Public sources (NVD) assign a network-based, low- to moderate-severity im...
Accellion Kiteworks contains multiple vulnerabilities
Overview The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Description CWE-276: Incorrect Default Permissions - CVE-2016-5662 The /opt/bin/cli script has setuid permissions by default, allowing an authenticated KiteWorks users to escalate privilege...