CVE-2023-6217

CVE-2023-6217 describes a reflected Cross-Site Scripting (XSS) vulnerability in MOVEit Transfer when used with MOVEit Gateway. Affected: MOVEit Transfer versions before 2022.0.9 (14.0.9), before 2022.1.10 (14.1.10), and before 2023.0.7 (15.0.7). Root cause: XSS in a combined MOVEit Gateway/Transf...

Progress MOVEit Transfer Cross-Site Scripting Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from a Reflected Cross-Site Scripting XSS vulnerability when MOVEit Gateway and MOVEit Transfer are used together. Affected products and...

Progress MOVEit Transfer Security Vulnerability

Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A security vulnerability exists in Progress MOVEit Transfer that stems from the presence of an elevation of privilege vulnerability. Affected products and versions: Progress MOVEit Transfer versions prior to...

PT-2023-7247 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2022.0.9 14.0.9 MOVEit Transfer versions prior to 2022.1.10 14.1.10 MOVEit Transfer versions prior to 2023.0.7 15.0.7 Description: A privilege escalation path associated with group administrators has been...

PT-2023-7248 · Ipswitch · Moveit Transfer +1

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2022.0.9 14.0.9 MOVEit Transfer versions prior to 2022.1.10 14.1.10 MOVEit Transfer versions prior to 2023.0.7 15.0.7 Description: A reflected cross-site scripting XSS vulnerability has been identified when...

State of Maine data breach impacts 1.3 million people

The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, thats more or less the the entire population of Maine. The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit...

Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached

By Deeba Ahmed The damage from the MOVEit hack is slowly emerging. This is a post from HackRead.com Read the original post: Massive MOVEit Hack: 630K+ US Defense Officials Emails Breached...

Ransomware review: October 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

MOVEit Vulnerabilities Expose Organizations to Cyberattacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Critical SQL Injection vulnerabilities in Progress Softwares MOVEit Transfer product, exploited by Clop ransomware gang since May 2023, led to unauthorized access and data breaches, affecting...

Sony Data Breach via MOVEit Vulnerability Affects Thousands in US

By Waqas The data breach occurred from May 28th to May 30th, 2023, and the stolen data included "names and other personal identifiers combined with Social Security Numbers SSNs." This is a post from HackRead.com Read the original post: Sony Data Breach via MOVEit Vulnerability Affects Thousands i...

The Biggest Hack of 2023 Keeps Getting Bigger

Victims of the MOVEit breach continue to come forward. But the full scale of the attack is still unknown...

Exploit for Deserialization of Untrusted Data in Progress Ws_Ftp_Server

WSFTP-CVE-2023-40044 Repository with everything I have track...

Progress MOVEit Transfer < 2021.1.8 / 2022.0 < 2022.0.8, 2022.1 < 2022.1.9 / 2023.0 < 2023.0.6 Multiple Vulnerabilities (September 2023)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2021.1.8 / 2022.0 2022.0.8, 2022.1 2022.1.9 / 2023.0 2023.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in Progress Community article 000241629. - In Progres...

The vulnerability in the software web interface for processing and transmitting confidential data of Progress MOVEit Transfer lies in the lack of validation for XML objects’ sequences, allowing an intruder to gain unauthorized access to the MOVEit Transfer database.

The vulnerability of the software web interface for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of verification of the validity of XML objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...

900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data

By Deeba Ahmed Student Data Managing Platform National Student Clearinghouse Confirmed MOVEit Hack Affected 900 US Schools. This is a post from HackRead.com Read the original post: 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data...

Vulnerabilities fixed in Progress MOVEit Transfer

Progress has fixed vulnerabilities in MOVEit Transfer. The vulnerabilities labeled CVE-2023-40043 and CVE-2023-42660 can be be exploited by an authenticated malicious person to gain access to sensitive data via an SQL injection to gain access to sensitive data. Misuse of the vulnerability with...

CVE-2023-42660

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit...

CVE-2023-40043

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the...

CVE-2023-42656

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a reflected cross-site scripting XSS vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer...

CVE-2023-40043

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the...