535 matches found
CVE-2020-28647
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser XSS...
CVE-2020-28647
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser XSS...
Cross site scripting
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser XSS...
CVE-2020-28647
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser XSS...
CVE-2020-28647
MOVEit Transfer (pre-2020.1) is affected by a stored XSS vulnerability: a malicious payload crafted by an attacker can be stored in the app and, when a user interacts with it, execute arbitrary code in the victim’s browser. Public advisories and a GitHub exploit example describe the existence of ...
Progress Software MOVEit Transfer Cross-Site Scripting Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A cross-site scripting vulnerability exists in MOVEit Transfer versions prior to 2020.1, which originates from a malicious user being able to write and store payloads in the application. If a victi...
PT-2020-17024 · Ipswitch · Moveit Transfer
Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1 Description: A malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...
CVE-2020-12677
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...
CVE-2020-12677
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...
Design/Logic Flaw
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...
CVE-2020-12677
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...
CVE-2020-12677
CVE-2020-12677 affects Progress MOVEit Automation Web Admin. An endpoint fails to sanitize input, enabling XSS that could let an unauthenticated attacker execute arbitrary code in a victim’s browser. Affected versions include 2018.0 before 2018.0.3; 2018 SP1–SP2 before 2018.2.3–2018.3.7; 2019.0 b...
MOVEit Transfer 11.1.1 SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
MOVEit Transfer 11.1.1 - (token) Unauthenticated SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
Progress Software MOVEit Transfer SQL Injection Vulnerability (CNVD-2020-19007)
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability in the REST API in Progress Software MOVEit Transfer version 2019.1 before 2019.1.4 and version 2019.2 before 2019.2.1 can be exploited by an attacker to access the...
Progress Software MOVEit Transfer Cross-Site Scripting Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A cross-site scripting vulnerability exists in version 2019.1 prior to 2019.1.4 and version 2019.2 prior to 2019.2.1 in Progress Software MOVEit Transfer, which stems from a REST API endpoint that ...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...