CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

535 matches found

Prion•added 2020/02/14 7:15 p.m.•11 views

Cross site scripting

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

6CVSS9.1AI score0.01674EPSS

Exploits0References4Affected Software1

OSV•added 2020/02/14 6:15 p.m.•2 views

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

8.8CVSS7.3AI score0.01233EPSS

Exploits0References4

Prion•added 2020/02/14 6:15 p.m.•17 views

Sql injection

6.5CVSS9.1AI score0.01233EPSS

Exploits0References4Affected Software1

Cvelist•added 2020/02/14 6:2 p.m.•11 views

CVE-2020-8612

9.2AI score0.01674EPSS

Exploits0References4

CVE•added 2020/02/14 6:2 p.m.•123 views

CVE-2020-8612

CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...

9CVSS9.1AI score0.01674EPSS

Exploits0References4Affected Software2

CVE•added 2020/02/14 5:59 p.m.•118 views

CVE-2020-8611

CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...

8.8CVSS9.1AI score0.01233EPSS

Exploits0References4Affected Software2

OSV•added 2019/10/31 5:15 p.m.•2 views

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

9.8CVSS7.2AI score0.01487EPSS

Exploits0References2

OSV•added 2019/10/31 5:15 p.m.•2 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

9.8CVSS5.8AI score0.0195EPSS

Exploits0References4

NVD•added 2019/10/31 5:15 p.m.•16 views

CVE-2019-18465

9.8CVSS9.3AI score0.01487EPSS

Exploits0References2

Prion•added 2019/10/31 5:15 p.m.•11 views

Design/Logic Flaw

6.8CVSS9.2AI score0.01487EPSS

Exploits0References2Affected Software1

Prion•added 2019/10/31 5:15 p.m.•11 views

Sql injection

7.5CVSS9.9AI score0.0195EPSS

Exploits0References4Affected Software1

CVE•added 2019/10/31 4:25 p.m.•48 views

CVE-2019-18464

CVE-2019-18464 affects Progress MOVEit Transfer REST API across the affected branches: 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3). The vulnerability is SQL Injection in the REST API that can allow an unauthenticated attacker to gain unauthorized ...

9.8CVSS10AI score0.0195EPSS

Exploits0References4Affected Software1

Cvelist•added 2019/10/31 4:25 p.m.•31 views

CVE-2019-18464

10AI score0.0195EPSS

Exploits0References4

CVE•added 2019/10/31 4:11 p.m.•59 views

CVE-2019-18465

MOVEit Transfer 11.1 (pre-11.1.3) contains a vulnerability that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface, applicable only to specific SSH/SFTP configurations and when the MySQL database is used. The connected documents do not provide explicit exploi...

9.8CVSS9.1AI score0.01487EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/10/31 4:11 p.m.•25 views

CVE-2019-18465

9.3AI score0.01487EPSS

Exploits0References2

CNVD•added 2019/09/25 12:0 a.m.•4 views

Progress Software MOVEit Transfer SQL Injection Vulnerability

Progress Software MOVEit Transfer is an automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A SQL injection vulnerability exists in the MOVEit.DMZ.WebApi.dll file in Progress Software MOVEit Transfer,...

9.4CVSS8.2AI score0.05187EPSS

Exploits4References1

OSV•added 2019/09/24 3:15 p.m.•2 views

CVE-2019-16383

MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker...

9.4CVSS7.3AI score0.05187EPSS

Exploits4References5

NVD•added 2019/09/24 3:15 p.m.•16 views

CVE-2019-16383

9.4CVSS9.4AI score0.05187EPSS

Exploits4References5

Prion•added 2019/09/24 3:15 p.m.•11 views

Sql injection

7.5CVSS9.3AI score0.05187EPSS

Exploits4References5Affected Software1

Cvelist•added 2019/09/24 2:34 p.m.•22 views

CVE-2019-16383