535 matches found
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
Progress Software Releases Security Advisory for MOVEit Transfer
Progress Software has released a security advisory for a SQL injection vulnerability (CVE-2023-34362) in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take over an affected system. CISA urge...
VulnCheck KEV: CVE-2023-34362
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer...
Actively exploited vulnerability fixed in Progress MOVEit
Progress has fixed a vulnerability in MOVEit Transfer. The vulnerability allows an unauthenticated remote malicious person to obtain sensitive data processed through the application. In addition, the vulnerability could potentially be exploited to obtain administrator...
Progress MOVEit Transfer < 2020.0 / 2020.1 / 2021.0 < 2021.0.6 / 2021.1.0 < 2021.1.4 / 2022.0.0 < 2022.0.4 / 2022.1.0 < 2022.1.5 / 2023.0.0 < 2023.0.1 Critical Vulnerability (May 2023)
The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is prior to 2020.0 / 2020.1 / 2021.0 2021.0.6, 2021.1.4, 2022.0.4, 2022.1.5, or 2023.0.1. It is, therefore, affected by a SQL injection vulnerability as referenced in Progress Community article...
PT-2023-3085
The vulnerable software is Progress MOVEit Transfer, which has a SQL injection vulnerability that allows unauthenticated access to the database. This vulnerability affects versions before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). All versions before...
CVE-2023-30394
The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no impact."...
Cross site scripting
Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function...
CVE-2023-30394
The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no impact."...
PT-2023-22669 · Unknown · Moveit Framework
Name of the Vulnerable Software and Affected Versions: MoveIt framework version 1.1.11. Description: The issue concerns a cross-site scripting (XSS) flaw via the API authentication function. This allows for potential malicious script execution. No information is provided about the estimated number o...
MoveIT Cross-Site Scripting Vulnerability
MoveIT is a state-of-the-art software for robotic arm movement operations from MoveIT. A cross-site scripting vulnerability exists in MoveIT v1.1.11, which stems from the discovery of a cross-site scripting (XSS) vulnerability via the API authentication feature...
CVE-2023-30394
The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. NOTE: this issue is disputed by the original reporter because it has "no impact."...
CVE-2023-30394
The CVE-2023-30394 entry concerns MoveIt framework 1.1.11 for ROS, where an XSS vulnerability exists in the API authentication function. The issue is widely referenced across multiple feeds, and one source (PT-2023-22669) provides a practical workaround: disable the API authentication function an...
Palantir Public: SQL Injection at https://files.palantir.com/ due to CVE-2021-38159
A vulnerability was discovered in an Internet-facing asset files.palantir.com. A proof of concept (POC) was developed and used to validate the finding. The vulnerability was patched and resolved. Blog about this vulnerability published. You can read full detail here:...
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
SQL injection
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
CVE-2021-38159
CVE-2021-38159 affects Progress MOVEit Transfer web applications; versions before 2021.0.4 (13.0.4) are vulnerable to unauthenticated SQL injection. An attacker could access the backend database, potentially inferring schema/data or executing statements that alter or delete elements, with impact ...
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...
Progress Software MOVEit Transfer SQL Injection Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. Progress MOVEit Transfer suffers from a SQL injection vulnerability that could be exploited by an unauthenticated, remote attacker to gain access to a database. Depending on the database engine use...