Lucene search
K

376 matches found

Positive Technologies
Positive Technologies
added 2020/11/17 12:0 a.m.9 views

PT-2020-17024 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2020.1 Description: A malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute...

5.4CVSS5.4AI score0.01408EPSS
Exploits2References6
Exploit DB
Exploit DB
added 2020/10/05 12:0 a.m.761 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...

9.4CVSS0.7AI score0.05187EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/04/13 12:0 a.m.106 views

MOVEit Transfer 11.1.1 SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

7.5CVSS0.2AI score0.05187EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/04/13 12:0 a.m.181 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

9.4CVSS7AI score0.05187EPSS
Exploits4
0day.today
0day.today
added 2020/04/13 12:0 a.m.40 views

MOVEit Transfer 11.1.1 - (token) Unauthenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2...

0.2AI score0.05187EPSS
Exploits4
CNVD
CNVD
added 2020/02/17 12:0 a.m.3 views

Progress Software MOVEit Transfer SQL Injection Vulnerability (CNVD-2020-19007)

Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability in the REST API in Progress Software MOVEit Transfer version 2019.1 before 2019.1.4 and version 2019.2 before 2019.2.1 can be exploited by an attacker to access the...

8.8CVSS8.1AI score0.01233EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.3 views

Progress Software MOVEit Transfer Cross-Site Scripting Vulnerability

Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A cross-site scripting vulnerability exists in version 2019.1 prior to 2019.1.4 and version 2019.2 prior to 2019.2.1 in Progress Software MOVEit Transfer, which stems from a REST API endpoint that ...

9CVSS6.9AI score0.01674EPSS
Exploits0References1
NVD
NVD
added 2020/02/14 7:15 p.m.12 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

9CVSS9.2AI score0.01674EPSS
Exploits0References4
OSV
OSV
added 2020/02/14 7:15 p.m.6 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

9CVSS7.6AI score0.01674EPSS
Exploits0References4
Prion
Prion
added 2020/02/14 7:15 p.m.12 views

Cross site scripting

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

6CVSS9.1AI score0.01674EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/02/14 6:15 p.m.3 views

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

8.8CVSS7.3AI score0.01233EPSS
Exploits0References4
Prion
Prion
added 2020/02/14 6:15 p.m.18 views

Sql injection

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

6.5CVSS9.1AI score0.01233EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/02/14 6:2 p.m.124 views

CVE-2020-8612

CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...

9CVSS9.1AI score0.01674EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2020/02/14 6:2 p.m.13 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

9.2AI score0.01674EPSS
Exploits0References4
CVE
CVE
added 2020/02/14 5:59 p.m.121 views

CVE-2020-8611

CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...

8.8CVSS9.1AI score0.01233EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2019/10/31 5:15 p.m.4 views

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

9.8CVSS7.2AI score0.01487EPSS
Exploits0References2
OSV
OSV
added 2019/10/31 5:15 p.m.4 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

9.8CVSS5.8AI score0.0195EPSS
Exploits0References4
NVD
NVD
added 2019/10/31 5:15 p.m.20 views

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

9.8CVSS9.3AI score0.01487EPSS
Exploits0References2
Prion
Prion
added 2019/10/31 5:15 p.m.14 views

Design/Logic Flaw

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

6.8CVSS9.2AI score0.01487EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/10/31 5:15 p.m.13 views

Sql injection

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

7.5CVSS9.9AI score0.0195EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder