25 matches found
EUVD-2013-6856
Malware in sbrugna...
EUVD-2012-4915
Malware in sbrugna...
CVE-2019-14277
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks, i.e., SSRF...
CVE-2012-4991
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI...
Design/Logic Flaw
Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks, i.e., SSRF...
CVE-2019-14277
CVE-2019-14277 affects Axway SecureTransport 5.x (through 5.3; and 5.x through 5.5 with certain API configuration). The issue is unauthenticated blind XML injection (and XXE) in the REST API resetPassword function, with potential for local file disclosure, DoS, or URI invocation attacks (SSRF) th...
PT-2019-13579 · Axway · Axway Securetransport
Name of the Vulnerable Software and Affected Versions: Axway SecureTransport versions 5.x through 5.3 Axway SecureTransport versions 5.x through 5.5 with certain API configuration Description: The issue concerns unauthenticated blind XML injection and XXE in the resetPassword functionality via th...
Axway SecureTransport Code Issue Vulnerability
Axway SecureTransport is a suite of applications for the secure transfer of files and data from the French company Axway. Axway SecureTransport is vulnerable to a code issue. The vulnerability stems from an improperly designed or implemented code development process for a networked system or...
Axway SecureTransport 5 - Unauthenticated XML Injection
Axway SecureTransport 5 - Unauthenticated XML Injection Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Axway SecureTransport 5 - Unauthenticated XML Injection
Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Link:...
Axway SecureTransport 5 - Unauthenticated XML Injection Vulnerability
Exploit for linux platform in category web applications Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Axway SecureTransport Detection
Detection of the installation and version of Axway SecureTransport. The script sends HTTP GET requests and tries to confirm the Axway SecureTransport installation and version from the responses. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a...
CVE-2013-7057
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...
CVE-2013-7057
The CVE-2013-7057 issue affects Axway SecureTransport (5.1 SP2 and earlier). A CSRF flaw in the web API (api/v1.0/files/) allows an attacker to hijack the authenticated user and upload arbitrary files, potentially enabling web shells. Public sources (Seebug, Exploit-DB) describe arbitrary file up...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF
Exploit for php platform in category web applications function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "...