Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is being tracked as CVE-2023-35708 , also concerns an SQL injection vulnerability that...

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is being tracked as CVE-2023-35708, also concerns an SQL injection vulnerability that...

Exploit for SQL Injection in Progress Moveit_Cloud

MOVEit-CVE-2023-34362 Repository with everything I have tracki...

Insight on Vulnerabilities in MOVEit Transfer

Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...

Insights on the MOVEit File Transfer Vulnerability

Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...

Vulnerability discovered in MOVEit Transfer

Progress has indicated in a blog post that a vulnerability has been found in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data through of an SQL injection to obtain sensitive data. The vulnerability has not yet been assigned a CVE...

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

Progress MOVEit Transfer < 2020.1.10 / 2021.0.x < 2021.0.8 / 2021.1.x < 2021.1.6 / 2022.0.x < 2022.0.6 / 2022.1.x < 2022.1.7 / 2023.0.x < 2023.0.3 Privilege Escalation

Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 15.0.3 and other specific fixed versions stated below. The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of th...

CVE-2023-35708

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

CVE-2023-35708

MOVEit Transfer is affected by a SQL injection in the web application that can allow an unauthenticated attacker to modify and disclose MOVEit’s database content. Affected versions include 2020.1.10 (12.1.10) and 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023...

Progress Software MOVEit Transfer SQL注入漏洞

Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A security vulnerability in Progress Software MOVEit Transfer versions prior to 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3 exists, which originates from...

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to enhance their privileges.

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

Anonymous Sudan, MOVEit, and Cl0p

There are three concurrent events of significant concern: 1. An Anonymous Sudan group chat on Telegram has revealed imminent threats from Russia to the US financial system, specifically targeting the SWIFT network. The motive behind this attack is disruption. By attacking SWIFT and inducing...

Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability

Progress Software has released a security advisorylink is external for a privilege escalation vulnerability CVE-2023-35708 in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges users and...

PT-2023-3209

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2021.0.8 13.0.8 MOVEit Transfer versions prior to 2021.1.6 13.1.6 MOVEit Transfer versions prior to 2022.0.6 14.0.6 MOVEit Transfer versions prior to 2022.1.7 14.1.7 MOVEit Transfer versions prior to 2023.0.3...

UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

By Waqas Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms. This is a post from HackRead.com Read the original post: UKs Ofcom confirms cyber attack as PoC exploit for MOVE...

Actors, Threats and Vulnerabilities 5 June to 11 June 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...

Exploit for SQL Injection in Progress Moveit_Cloud

It is an exploit module for MOVEit Transfer. The vulnerability i...

CVE-2023-35036

In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...