CVE-2015-7679

Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

CVE-2015-7678

CVE-2015-7678 affects Ipswitch MOVEit Mobile 1.2.0.962 and earlier. The issue is cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The connected materials confirm the product and vulnerability cla...

CVE-2015-7679

CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...

CVE-2015-7677

CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...

CVE-2015-7675

The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...

CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 is affected. An unauthenticated attacker can enumerate valid usernames by sending SOAP requests to machine.aspx, due to different error messages depending on account existence. Root cause: inconsistent error handling that leaks existence information. Impact: informa...

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery

Profundis Labs - Security Advisory Vulnerablity Title ================== MOVEit Filetransfer Cross Site Request Forgery Vulnerability CVE-2015-7678 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets...

Ipswitch MOVEit DMZ 8.1 Authorization Bypass

Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit web and mobile application allows for unauthorized access to arbitrary files and documents Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is a...

Ipswitch MOVEit DMZ 8.1 Information Disclosure

Profundis Labs - Security Advisory Vulnerablity Title ================== Enumeration of existing usernames Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view, secure, and control all...

Ipswitch MOVEit DMZ 8.1 File ID Enumeration

Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit application allows the enumeration of existing FileIDs CVE-2015-7677 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file...

Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Scripting

Profundis Labs - Security Advisory Vulnerablity Title ================== Missing input validation vulnerability Reflected XSS Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view,...

Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting

Profundis Labs - Security Advisory Vulnerability Title ================== Persistent Cross-Site-Scripting XSS vulnerability by file upload due to insecure default configuration Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated fi...