Lucene search
K

40 matches found

CNNVD
CNNVD
added 2021/06/23 12:0 a.m.5 views

Accellion Kiteworks 安全漏洞

Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...

6.7CVSS5.6AI score0.00934EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/25 12:0 a.m.6 views

Accellion kiteworks authentication bypass vulnerability

Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An authentication bypass vulnerability exists in versions of Accellion kiteworks prior to 2017.01.00. A remote attacker could exploit the vulnerability by...

6.5CVSS6.8AI score0.01065EPSS
Exploits0References1
OSV
OSV
added 2018/05/24 1:29 p.m.3 views

CVE-2017-9421

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...

6.5CVSS6AI score0.01065EPSS
Exploits0References1
NVD
NVD
added 2018/05/24 1:29 p.m.19 views

CVE-2017-9421

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...

6.5CVSS6.7AI score0.01065EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/24 1:0 p.m.20 views

CVE-2017-9421

Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...

6.7AI score0.01065EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/27 12:0 a.m.5 views

Accellion Kiteworks Elevation of Privilege Vulnerability

Accellion Kiteworks is the leading private cloud platform for secure content. An elevation of privilege vulnerability exists in Accellion Kiteworks that allows authenticated KiteWorks users to elevate privileges...

7.8CVSS7.1AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/27 12:0 a.m.6 views

Accellion Kiteworks Cross-Site Scripting Vulnerability

Accellion Kiteworks is the leading private cloud platform for secure content. A cross-site scripting vulnerability exists in versions of Accellion Kiteworks prior to 2016.03.00 due to the program failing to properly filter user-supplied parameters. Allowing an attacker to exploit the vulnerabilit...

6.1CVSS6.8AI score0.00896EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/27 12:0 a.m.7 views

Accellion Kiteworks Security Bypass Vulnerability

Accellion Kiteworks is the leading private cloud platform for secure content. A security bypass vulnerability exists in Accellion Kiteworks version 2016.03.00, which allows attackers to bypass security restrictions and perform unauthorized operations...

5CVSS6.9AI score0.02389EPSS
Exploits0References1
OSV
OSV
added 2016/08/26 7:59 p.m.4 views

CVE-2016-5664

Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...

4.3CVSS5.8AI score0.02389EPSS
Exploits0References2
OSV
OSV
added 2016/08/26 7:59 p.m.5 views

CVE-2016-5663

Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...

6.1CVSS5.9AI score0.00896EPSS
Exploits0References2
NVD
NVD
added 2016/08/26 7:59 p.m.18 views

CVE-2016-5663

Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...

6.1CVSS6.1AI score0.00896EPSS
Exploits0References2
OSV
OSV
added 2016/08/26 7:59 p.m.5 views

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

7.8CVSS5.8AI score0.00383EPSS
Exploits0References2
Prion
Prion
added 2016/08/26 7:59 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...

4.3CVSS6AI score0.00896EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/08/26 7:59 p.m.15 views

Directory traversal

Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...

5CVSS7AI score0.02389EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/08/26 7:0 p.m.31 views

CVE-2016-5663

Multiple cross-site scripting XSS vulnerabilities in oauthcallback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the 1 code, 2 error, or 3 errordescription parameter...

6.2AI score0.00896EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/08/26 7:0 p.m.19 views

CVE-2016-5664

Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI...

4.8AI score0.02389EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/08/26 7:0 p.m.22 views

CVE-2016-5662

Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors...

7.7AI score0.00383EPSS
Exploits0References2
CVE
CVE
added 2016/08/26 7:0 p.m.43 views

CVE-2016-5663

The CVE-2016-5663 entry relates to multiple cross-site scripting (XSS) flaws in oauth_callback.php on Accellion Kiteworks appliances prior to kw2016.03.00. The root cause is improper neutralization/validation of user-supplied input, allowing an unauthenticated remote attacker to inject scripts vi...

6.1CVSS6.1AI score0.00896EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/08/26 7:0 p.m.57 views

CVE-2016-5664

CVE-2016-5664 affects Accellion Kiteworks appliances prior to kw2016.03.00. The vulnerability is a directory traversal flaw that allows an unauthenticated remote attacker to read files outside the webroot via a crafted URI. Public sources (NVD) assign a network-based, low- to moderate-severity im...

5CVSS4.7AI score0.02389EPSS
Exploits0References2Affected Software1
CERT
CERT
added 2016/08/26 12:0 a.m.127 views

Accellion Kiteworks contains multiple vulnerabilities

Overview The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Description CWE-276: Incorrect Default Permissions - CVE-2016-5662 The /opt/bin/cli script has setuid permissions by default, allowing an authenticated KiteWorks users to escalate privilege...

7.8CVSS6.4AI score0.02389EPSS
Exploits0References1
Rows per page
Query Builder