376 matches found
PT-2020-17024 · Ipswitch · Moveit Transfer
Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1 Description: A malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...
MOVEit Transfer 11.1.1 SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
MOVEit Transfer 11.1.1 - (token) Unauthenticated SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2...
Progress Software MOVEit Transfer SQL Injection Vulnerability (CNVD-2020-19007)
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability in the REST API in Progress Software MOVEit Transfer version 2019.1 before 2019.1.4 and version 2019.2 before 2019.2.1 can be exploited by an attacker to access the...
Progress Software MOVEit Transfer Cross-Site Scripting Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A cross-site scripting vulnerability exists in version 2019.1 prior to 2019.1.4 and version 2019.2 prior to 2019.2.1 in Progress Software MOVEit Transfer, which stems from a REST API endpoint that ...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
Cross site scripting
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
CVE-2020-8611
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...
Sql injection
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...
CVE-2020-8612
CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...
CVE-2020-8611
CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...
CVE-2019-18465
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...
CVE-2019-18464
In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...
CVE-2019-18465
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...
Design/Logic Flaw
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...
Sql injection
In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...