535 matches found
CVE-2015-7676
Ipswitch MOVEit File Transfer formerly DMZ 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting XSS attacks by uploading HTML files...
CVE-2015-7676
CVE-2015-7676 affects Ipswitch MOVEit File Transfer (DMZ) 8.1 and earlier when configured to support file view on download. The root cause is insecure default configuration that allows uploading HTML files, enabling remote authenticated users to perform cross-site scripting (XSS) attacks. Impact ...
Progress MOVEit Transfer Installed (Windows)
Binary data ipswitchdmzftpinstalled.nbin...
Ipswitch MOVEit DMZ < 8.2 Multiple Vulnerabilities
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 8.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Send as Attachment feature due to improper sanitization of user-supplied input to the 'serverFileIds' parameter of mobile/sendMsg and th...
Ipswitch MOVEit DMZ and MOVEit Mobile File Read Vulnerabilities
Ipswitch MOVEit is an automated file transfer system from Ipswitch USA. DMZ and Mobile are among the versions. Ipswitch MOVEit DMZ and MOVEit Mobile have a security vulnerability in the 'Send as attachment' function due to the mobile/sendMsg URI failing to adequately filter the ' serverFileIds'...
Ipswitch MOVEit Mobile Cross-Site Scripting Vulnerability
Ipswitch MOVEit An automated file transfer system from Ipswitch USA. A cross-site scripting vulnerability exists in Ipswitch MOVEit Mobile, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to obtain sensitive information or hijack...
Ipswitch MOVEit DMZ MOVEitISAPI Information Disclosure Vulnerability
Ipswitch MOVEit is an automated file transfer system from Ipswitch USA. DMZ and Mobile are among the versions. Ipswitch MOVEit A security vulnerability exists in the MOVEitISAPI service of DMZ due to the sending of different error messages based on the presence or absence of a FileID. A remote...
Ipswitch MOVEit DMZ Username Enumeration Vulnerability
Ipswitch MOVEit is an automated file transfer system from Ipswitch, Inc. in the U.S. DMZ is one of the versions. Ipswitch MOVEit DMZ according to the account exists or not to return different error messages, remote attackers can send a series of SOAP to the machine.aspx file please enumerate the...
Ipswitch MOVEit Mobile Cross-Site Request Forgery Vulnerability
Ipswitch MOVEit An automated file transfer system from Ipswitch USA. Ipswitch MOVEit Mobile suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the targ...
CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...
CVE-2015-7679
Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...
CVE-2015-7678
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2015-7677
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
Code injection
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
Authentication flaw
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...
Cross site scripting
Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Authorization
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
CVE-2015-7675
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
CVE-2015-7678
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...