Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting...
FileZen OS Command Injection Vulnerability
FileZen is a device for secure file transfer and sharing via email or web interface. An OS command injection vulnerability exists in FileZen 3.0.0 - 4.2.7, 5.0.0 - 5.0.2. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
Accellion FTA OS Command Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...
Accellion FTA OS Command Injection Vulnerability (CNVD-2021-11053)
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...
Accellion FTA SQL Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. A SQL injection vulnerability exists in Accellion FTA 912370 and earlier versions. The vulnerability can be exploited to conduct a SQL...
Accellion FTA Server-Side Request Forgery Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. A server-side request forgery vulnerability exists in Accellion FTA 912411 and earlier versions. An attacker can exploit this...
Fedora 32 : spice-vdagent (2021-510977db25)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-510977db25 advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local...
CVE-2021-27103
Accellion FTA 912411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA912416 and later...
CVE-2021-27102
Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later...
CVE-2021-27104
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...
PT-2021-2474
Name of the Vulnerable Software and Affected Versions: Accellion FTA versions 9 12 411 and earlier. Description: The issue concerns Accellion FTA File Transfer Application and relates to a failure to neutralize specific elements used in an operating system command. Exploitation may allow an attacker...
Accellion FTA Code Issue Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. A server-side request forgery vulnerability exists in Accellion FTA 912411 and earlier versions. An attacker can exploit this...
Accellion FTA OS Command Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...
PT-2021-2473
Name of the Vulnerable Software and Affected Versions: Accellion FTA versions 9 12 370 and earlier. Description: The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...
Accellion FTA OS Command Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...
Singtel Suffers Zero-Day Cyberattack, Damage Unknown
Singtel, a Tier 1 telecom carrier throughout Asia and owner of Australian telco Optus, has been impacted by a software security hole in a third-party file transfer appliance targeted by attackers. Singtel is one of multiple organizations affected by the bug, including an Australian medical research...
Fedora 33 : spice-vdagent (2021-09ce0cdfac)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-09ce0cdfac advisory. - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local...
Edge Redirector Cloudlet Gets Faster
Cloudlets Policy Manager often takes a long time to load, which is a by-product of its original design where every policy activation is an individual file. These files must be moved around the network, and as you might imagine, transferring thousands of files in a multi-tenant network can take a...
SolarWinds Serv-U FTP Server Cross-Site Scripting Vulnerability (CNVD-2021-14805)
SolarWinds Serv-U FTP Server is FTP and MFT file transfer software from the U.S. company SolarWinds. A cross-site scripting vulnerability exists in SolarWinds Serv-U before 15.2.2, which allows reflected XSS via authentication. No detailed vulnerability details are available at this time...
OESA-2021-1004 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending...