Lucene search
K

32 matches found

NVD
NVD
added 2026/04/21 3:16 p.m.10 views

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

5.4CVSS0.00155EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.4 views

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:14 p.m.4 views

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:10 p.m.5 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

7.3CVSS5.8AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.11 views

PT-2025-49314

Name of the Vulnerable Software and Affected Versions GoAnywhere MFT versions prior to 7.9.0 Description An improper access control exists in the SFTP service. This affects web users who have an authentication alias and a valid SSH key, but are limited to password authentication for SFTP. These...

4.2CVSS6.8AI score0.00151EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/18 2:58 p.m.6 views

CVE-2025-3871

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password GOTP email two-factor authentication 2FA and the user has not set an email address. In this scenario, the attacker may ent...

5.3CVSS7.3AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2025/07/16 2:15 p.m.9 views

CVE-2025-3871

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password GOTP email two-factor authentication 2FA and the user has not set an email address. In this scenario, the attacker may ent...

5.3CVSS0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.5 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.8.1 that stems from an access control flaw that could lead to a denial of service attack...

5.3CVSS6.3AI score0.0032EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.374 views

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft...

9.8CVSS7AI score0.95086EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.11 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.4.2 Path Traversal (CVE-2024-25156)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is 7.4.2. It is, therefore, affected by an Path Traversal vulnerability. This can allow an unauthenticated attacker to create an admin user via the administration...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2024/02/09 7:35 p.m.50 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

7.5CVSS8.6AI score0.95086EPSS
Exploits13
Metasploit
Metasploit
added 2024/02/02 7:51 p.m.236 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable. Module Options m...

9.8CVSS8.1AI score0.95086EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.465 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...

9.8CVSS7.4AI score0.95086EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2024/01/29 7:36 a.m.30 views

A week in security (January 22 &#8211; January 28)

Last week on Malwarebytes Labs: 10 things to do to improve your online privacy Ring curtails law enforcement’s access to footage Malicious ads for restricted messaging applications target Chinese users Malwarebytes wins every MRG Effitas award for 2 years in a row AI likely to boost ransomware,...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/01/25 1:32 p.m.38 views

Patch now! Fortra GoAnywhere MFT vulnerability exploit available

On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT Managed File Transfer that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...

7.5CVSS7.4AI score0.95086EPSS
Exploits8
GithubExploit
GithubExploit
added 2024/01/24 8:10 p.m.569 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Dee...

9.8CVSS9.9AI score0.95086EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.41 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.4.1 Authentication Bypass (CVE-2024-0204)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is 7.4.1. It is, therefore, affected by an authentication bypass vulnerability. This can allow an unauthenticated attacker to create an admin user via the...

9.8CVSS8.7AI score0.95086EPSS
Exploits8References2
Vulnrichment
Vulnrichment
added 2024/01/22 6:5 p.m.6 views

CVE-2024-0204 Authentication Bypass in GoAnywhere MFT

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS7.1AI score0.95086EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2023/05/31 12:0 a.m.15 views

Fortra GoAnywhere MFT < 7.1.2 Remote Code Execution

Fortra GoAnywhere MFT is a Managed File Transfer MFT solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions before 7.1.2 suffer from a deserialization vulnerability in the LicenseResponse servlet. By crafting a specific serialized object, ...

7.2CVSS8.3AI score0.99999EPSS
Exploits12References3
Rows per page
Query Builder