535 matches found
moveit-online.nl Cross Site Scripting vulnerability OBB-3644053
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Exploit for SQL Injection in Progress Moveit_Cloud
MOVEit Exploit an exploit of POC for CVE-2023-34362 affe...
VulnCheck KEV: CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access...
Reflecting on supply chain attacks halfway through 2023
Welcome to this week's edition of the Threat Source newsletter. Between the Talos Takes episode last week and helping my colleague Hazel with the Half-Year in Review, I realized how much I had already forgotten about 2023 already. It's been a whirlwind, personally and professionally, and I think it...
Moving past MOVEit
The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all the tools, methods, and technologies available to ward off the same type of cyberattacks...
CVE-2023-34362 - a SQL injection vulnerability has been found in the MOVEit Transfer web application.
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...
Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites
By Deeba Ahmed. The Cl0p Ransomware Gang has begun its clearweb journey by leaking data stolen from PWC.com. This is a post from HackRead.com. Read the original post: Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites...
Estée Lauder targeted by Cl0p and BlackCat ransomware groups
Estée Lauder is currently at the heart of a compromise storm, revealing a major security issue via a Security Exchange Commission (SEC) filing on Tuesday. Although no detailed explanation of what has taken place is given, there is confirmation that an attack allowed access to some systems and...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the improper implementation of the sequence of actions to be performed. This allows a perpetrator to trigger a service failure.
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.
The vulnerability of the software for processing and transmitting confidential data using Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent security restrictions...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.
The vulnerability of the software for processing and transmitting confidential data using Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure during the processing of the UserProcessPassChangeRequest parameter at the human.aspx endpoint. Exploiting...
New MOVEit vulnerability CVE-2023-36934 blocked by Imperva
On July 5, Progress Software released a security advisory for a new critical vulnerability in the MOVEit Transfer software, CVE-2023-36934. With a critical score of 9.1, this bug is a SQL injection vulnerability in the MOVEit Transfer web application with the potential to allow unauthorized acces...
MOVEit Transfer fixes three new vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about three new vulnerabilities in Progress Software's MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information. In the advisory, CISA encouraged users to review Progress MOVEi...
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfe...
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability,...
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities
Progress Software has released a Service Pack to address three newly disclosed vulnerabilities (CVE-2023-36934, CVE-2023-36932, CVE-2023-36933) in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review...
Vulnerabilities fixed in Progress MOVEit Transfer
Progress has fixed vulnerabilities in MOVEit Transfer. An unauthenticated malicious person could exploit the vulnerabilities to gain access to data in the MOVEit Transfer database. The vulnerabilities found are possibly related to the previously discovered and actively exploited vulnerabilities fo...
Progress MOVEit Transfer < 2020.1.11 / 2021.0 < 2021.0.9 / 2021.1 < 2021.1.7 / 2022.0 < 2022.0.7, 2022.1 < 2022.1.8 / 2023.0 < 2023.0.4 Multiple Vulnerabilities (July 2023)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2020.1.11 / 2021.0 < 2021.0.9 / 2021.1 < 2021.1.7 / 2022.0 < 2022.0.7, 2022.1 < 2022.1.8 / 2023.0 < 2023.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in Progress...
CVE-2023-36933
In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate...