Fortra FileCatalyst Direct Server Installed (Linux / Unix)

Binary data fortrafilecatalystdirectnixinstalled.nbin...

The vulnerability of the ftpservlet component of the FileCatalyst Workflow software allows a perpetrator to execute arbitrary code.

The vulnerability of the ftpservlet component in the FileCatalyst Workflow software lies in errors during the processing of HTTP POST requests. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading specially crafted JSP files remotely...

Fortra FileCatalyst Direct Server Installed (Windows)

Binary data fortrafilecatalystdirectserverwininstalled.nbin...

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a...

Exploit for External Control of Assumed-Immutable Web Parameter in Fortra Filecatalyst_Workflow

Exploit for CVE-2024-25153 ---...

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

Directory traversal

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

Path traversal

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

Design/Logic Flaw

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVE-2024-25155 Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVE-2024-25155

CVE-2024-25155 affects FileCatalyst Direct web server in versions 3.8.6–3.8.8. The issue arises from improper sanitization of illegal characters in URLs, which are then displayed on a subsequent error page. This can enable an attacker to craft a URL that executes arbitrary code within an HTML scr...

CVE-2024-25155 Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

CVE-2024-25154 Path Traversal in FileCatalyst Direct 3.8.8 and Earlier

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

CVE-2024-25154 Path Traversal in FileCatalyst Direct 3.8.8 and Earlier

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

CVE-2024-25154

CVE-2024-25154 affects FileCatalyst Direct 3.8.8 and earlier, due to improper URL validation that allows path traversal. An encoded payload can cause the web server to return files outside the web root, potentially leaking data. Public references in connected documents indicate remediation via up...

CVE-2024-25153 Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...