535 matches found
CVE-2023-35036
In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
CVE-2023-35036
In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
Sql injection
In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
More MOVEit vulnerabilities found while the first one still resonates
In early June, we reported on the discovery of a critical vulnerability in MOVEit Transfer--known as CVE-2023-34362. After the first vulnerability was discovered, MOVEit's owner Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the...
CVE-2023-35036
In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
Progress Software MOVEit Transfer SQL注入漏洞
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability exists in Progress Software MOVEit Transfer. An unauthenticated attacker could use this vulnerability to gain unauthorized access to the database, which could be used ...
CVE-2023-35036
In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
CVE-2023-35036
MOVEit Transfer is affected by a SQL injection vulnerability in its web application. Connected sources confirm an unauthenticated attacker could modify and disclose MOVEit’s database content due to how SQL queries are constructed. Affected versions include pre-2021.0.7 (13.0.7), 2021.1.5 (13.1.5)...
9 Years After the Mt. Gox Hack, Feds Indict Alleged Culprits
Plus: Instagram’s CSAM network gets exposed, Clop hackers claim credit for MOVEit Transfer exploit, and a $35 million crypto heist has North Korean ties...
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in...
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in...
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfe...
PT-2023-3086 · Ipswitch · Moveit Transfer
Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2021.0.7 13.0.7 MOVEit Transfer versions prior to 2021.1.5 13.1.5 MOVEit Transfer versions prior to 2022.0.5 14.0.5 MOVEit Transfer versions prior to 2022.1.6 14.1.6 MOVEit Transfer versions prior to 2023.0.2...
Progress MOVEit Transfer < 2020.1.9 / 2021.0.x < 2021.0.7 / 2021.1.x < 2021.1.5 / 2022.0.x < 2022.0.5 / 2022.1.x < 2022.1.6 / 2023.0.x < 2023.0.2 Critical Vulnerability (June 2023)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2020.1.9, 2021.0.7, 2021.1.5, 2022.0.5, 2022.1.6, or 2023.0.2. It is, therefore, affected by a SQL injection vulnerability as referenced in Progress Community article 000234899. -...
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...
MOVEit SQLi Zero-Day (CVE-2023-34362) Exploited by CL0P Ransomware Group
Akamai Security Intelligence Group, which has been examining the MOVEit vulnerability and its exploitation, provides recommendations for detection and mitigation...
Progress MOVEit Transfer Vulnerability Being Actively Exploited
On June 2nd, CVE-2023-34362 was published against the Progress MOVEit Transfer product and was quickly added to CISA’s Known Exploited Vulnerabilities Catalog. MOVEit Transfer is a managed file transfer solution available as an on-premise solution that enables file transfer between business...
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
Actions to take today to mitigate cyber threats from CL0P ransomware: 1. Take an inventory of assets and data, identifying authorized and unauthorized devices and software. 2. Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate...
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
CISA and FBI released a joint Cybersecurity Advisory CSA CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise IOCs and tactics, techniques, and procedures TTPs...