
535 matches found

Zero Day Initiative
added 2023/07/05 12:0 a.m. · 29 views

Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A crafted request can trigger execution of SQ...

CVSS 9.8 · AI score 8 · EPSS 0.94836
Exploits: 0 · References: 1
CVE
added 2023/07/05 12:0 a.m. · 88 views

CVE-2023-36934

MOVEit Transfer web application (versions 12.1.11, 13.0.9, 13.1.7, 14.0.7, 14.1.8, 15.0.4 and earlier) is affected by a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit database by sending a crafted payload to an application endpoi...

CVSS 9.1 · AI score 9.3 · EPSS 0.94836
In wild · Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/07/05 12:0 a.m. · 33 views

CVE-2023-36932

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain...

AI score 9.1 · EPSS 0.81531
Exploits: 0 · References: 2
Cvelist
added 2023/07/05 12:0 a.m. · 25 views

CVE-2023-36933

In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate...

AI score 7.9 · EPSS 0.72242
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/28 12:0 a.m. · 2 views

PT-2023-3478 · Progress · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2021.0.9 (13.0.9); MOVEit Transfer versions prior to 2021.1.7 (13.1.7); MOVEit Transfer versions prior to 2022.0.7 (14.0.7); MOVEit Transfer versions prior to 2022.1.8 (14.1.8); MOVEit Transfer versions prior to 2023.0.4...

CVSS 7.5 · AI score 7.5 · EPSS 0.72242
Exploits: 0 · References: 9
0day.today
added 2023/06/26 12:0 a.m. · 511 views

MOVEit SQL Injection Exploit

This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can levera...

CVSS 9.8 · AI score 8.2 · EPSS 0.99934
Exploits: 15
Positive Technologies
added 2023/06/26 12:0 a.m. · 3 views

PT-2023-3472 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1.11 (12.1.11); MOVEit Transfer versions prior to 2021.0.9 (13.0.9); MOVEit Transfer versions prior to 2021.1.7 (13.1.7); MOVEit Transfer versions prior to 2022.0.7 (14.0.7); MOVEit Transfer versions prior to 2022.1...

CVSS 9 · AI score 9 · EPSS 0.81531
Exploits: 0 · References: 9
Rapid7 Blog
added 2023/06/23 7:1 p.m. · 53 views

Metasploit Weekly Wrap-Up

I like to MOVEit, MOVEit, We like to MOVEit! Party hard just like it's Mardi Gras! bwatters-r7 delivered the dance moves this week with a masterful performance. The windows/http/moveit_cve_2023_34362 module is available for all your party needs, taking advantage of CVE-2023-34362, this module gets...

CVSS 7.5 · AI score 8.2 · EPSS 0.99934
Exploits: 15
Packet Storm
added 2023/06/23 12:0 a.m. · 757 views

MOVEit SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOVEit SQL Injection vulnerability', 'Description' = %q This module exploits an SQL injection vulnerability in the MOVEit Transfer web applicatio...

CVSS 9.8 · AI score 7.1 · EPSS 0.99934
Exploits: 15
Metasploit
added 2023/06/22 7:50 p.m. · 523 views

MOVEit SQL Injection vulnerability

This module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an...

CVSS 9.8 · AI score 9.2 · EPSS 0.99934
Exploits: 15
Positive Technologies
added 2023/06/22 12:0 a.m. · 2 views

PT-2023-3443 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1.11 (12.1.11); MOVEit Transfer versions prior to 2021.0.9 (13.0.9); MOVEit Transfer versions prior to 2021.1.7 (13.1.7); MOVEit Transfer versions prior to 2022.0.7 (14.0.7); MOVEit Transfer versions prior to 2022.1...

CVSS 10 · AI score 9.7 · EPSS 0.94836
Exploits: 0 · References: 21
BDU FSTEC
added 2023/06/22 12:0 a.m. · 4 views

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...

CVSS 10 · AI score 8.2 · EPSS 0.92127
Exploits: 0 · References: 4 · Affected Software: 2
Trend Micro Simply Security
added 2023/06/21 12:0 a.m. · 10 views

MOVEit Vulnerability Breaches Targeted Fed Agencies

Jon Clay and Ed Cabrera talk about the MOVEit breaches and more in the video series TrendTalksBizSec...

AI score 7
Exploits: 0
Imperva Blog
added 2023/06/20 6:2 a.m. · 16 views

Understanding and Mitigating the MOVEit Incidents

Over the last several weeks, attackers have taken advantage of vulnerabilities in MOVEit, a popular file transfer application developed by Progress. Cyber attackers have successfully performed ransomware and exfiltrated data by uploading web shells into vulnerable MOVEit instances deployed...

AI score 7.9
Exploits: 0
Malwarebytes
added 2023/06/19 3:0 p.m. · 12 views

US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of State's national security rewards program, Rewards for Justice (RFJ), is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...

AI score 6.8
Exploits: 0
Malwarebytes
added 2023/06/16 4:30 p.m. · 47 views

MOVEit discloses THIRD critical vulnerability

In chess, the threefold repetition rule states that a player may claim a draw if the same position occurs three times during the game. Whether this means that customers of the popular file transfer utility MOVEit Transfer can ask for their money back remains to be seen, but we do hope it signals...

CVSS 7.5 · AI score 7.2 · EPSS 0.99934
Exploits: 15
Wallarm Lab
added 2023/06/16 6:5 a.m. · 59 views

What You Need To Know About MOVEit

The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations Governmental agencies and large organizations around the world are being hit by ransomware attacks exploiting several vulnerabilities in MOVEit, a widely used file transfer solution. The...

CVSS 7.5 · AI score 11 · EPSS 0.99934
Exploits: 15
OSV
added 2023/06/16 4:15 a.m. · 3 views

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

CVSS 9.8 · AI score 7.2 · EPSS 0.92127
Exploits: 0 · References: 3
NVD
added 2023/06/16 4:15 a.m. · 24 views

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

CVSS 9.8 · AI score 9.6 · EPSS 0.92127
Exploits: 0 · References: 3
Prion
added 2023/06/16 4:15 a.m. · 20 views

SQL injection

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

CVSS 7.5 · AI score 9.6 · EPSS 0.92127
Exploits: 0 · References: 3 · Affected Software: 1