
266 matches found

Prion
added 2017/07/18 6:29 p.m. | 12 views

Cross site scripting

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticat...

CVSS 3.5 | AI score 5.2 | EPSS 0.00503
Exploits: 0 | References: 2

NVD
added 2017/07/18 6:29 p.m. | 17 views

CVE-2017-5247

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticat...

CVSS 5.4 | AI score 5.2 | EPSS 0.00503
Exploits: 0 | References: 2

NVD
added 2017/07/18 6:29 p.m. | 15 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

CVSS 4.3 | AI score 4.5 | EPSS 0.00599
Exploits: 0 | References: 2

Cvelist
added 2017/07/18 6:0 p.m. | 15 views

CVE-2017-5247

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticat...

AI score 5.2 | EPSS 0.00503
Exploits: 0 | References: 2

Cvelist
added 2017/07/18 6:0 p.m. | 21 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

AI score 4.6 | EPSS 0.00599
Exploits: 0 | References: 2

CVE
added 2017/07/18 6:0 p.m. | 44 views

CVE-2017-5247

Biscom Secure File Transfer (SFT) is affected by a cross-site scripting (XSS) vulnerability in the File Name field. An authenticated user with permissions to upload or send files can supply a filename containing HTML/script tags, which can be executed by other authenticated users viewing the file...

CVSS 5.4 | AI score 5.2 | EPSS 0.00503
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/07/18 6:0 p.m. | 46 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

CVSS 4.3 | AI score 4.5 | EPSS 0.00599
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/06/29 12:0 a.m. | 3 views

Biscom Secure File Transfer Stored Cross-Site Scripting Vulnerability

Biscom Secure File Transfer (SFT) is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. In Biscom SFT version 5.1.1015, the 'Name' and 'Description' fields of the workspace and the File Details pane of t...

CVSS 5.4 | AI score 6.3 | EPSS 0.00879
Exploits: 1 | References: 1

rapid7community
added 2017/06/28 1:30 p.m. | 128 views

R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)

Summary: The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need to have the ability to create a Workspace and entice a victim to visit the malicious page in order to run malicious Javascript in...

CVSS 3.5 | AI score 5.4 | EPSS 0.00879
Exploits: 1

Prion
added 2017/06/28 1:29 p.m. | 11 views

Cross site scripting

Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

CVSS 3.5 | AI score 5.2 | EPSS 0.00879
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2017/06/28 1:29 p.m. | 13 views

CVE-2017-5241

Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

CVSS 5.4 | AI score 5.2 | EPSS 0.00879
Exploits: 1 | References: 3

Cvelist
added 2017/06/28 1:0 p.m. | 17 views

CVE-2017-5241

Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

AI score 5.2 | EPSS 0.00879
Exploits: 1 | References: 3

CVE
added 2017/06/28 1:0 p.m. | 43 views

CVE-2017-5241

Biscom Secure File Transfer (SFT) versions 5.0.0.0–5.1.1024 are vulnerable to post-auth persistent XSS in the Name/Description fields of a Workspace and the Description field of a File Details pane for files in a Workspace. The issue is fixed in version 5.1.1025. Exploitation requires an authenti...

CVSS 5.4 | AI score 5.1 | EPSS 0.00879
Exploits: 1 | References: 3 | Affected Software: 1

ThreatPost
added 2017/06/27 9:5 a.m. | 12 views

Major Hole Plugged in Secure File Transfer Tool

Biscom, a secure document delivery provider, recently patched a serious vulnerability in its secure file transfer product that could have allowed an authenticated hacker access to data shared between other users. Privately alerted in April by Rapid7, a Biscom customer, the company released an...

AI score 6.1
Exploits: 0

OSV
added 2017/01/23 7:59 a.m. | 1 views

CVE-2016-10104

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

CVSS 5.9 | AI score 5.7 | EPSS 0.00574
Exploits: 0 | References: 2

OSV
added 2017/01/19 10:59 p.m. | 1 views

DEBIAN-CVE-2016-5725

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command...

CVSS 5.9 | AI score 6.8 | EPSS 0.24143
Exploits: 3 | References: 1

Citrix
added 2016/09/28 12:0 a.m. | 7 views

How to customize file upload and download using Workspace app for HTML5 and Chrome

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. 1. Customize file upload to view uploaded files inside application File open/save dialogues. 2...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2016/07/07 12:0 a.m. | 2 views

The vulnerability of Juniper SRX 240 router microprogramming software, which allows a hacker to trigger a maintenance failure.

The Juniper SRX 240 router software contains a vulnerability that allows any user registered in the system and having remote access to the device to trigger a situation that causes resource exhaustion (overloading of memory, loading of the processor). The vulnerability is related to the search for...

CVSS 6.8 | AI score 6.7 | EPSS 0.32357
Exploits: 10 | References: 4 | Affected Software: 1

The Hacker News
added 2016/04/22 8:31 a.m. | 15 views

Hacker Installed a Secret Backdoor On Facebook Server to Steal Passwords

How to Hack Facebook? That’s the most commonly asked question during this decade. It’s a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached in...

AI score 7.4
Exploits: 0

CNVD
added 2016/04/16 12:0 a.m. | 2 views

Multiple Huawei products switch memory leak vulnerability

Huawei S5300EI is an S-series switch product from Huawei, China. A memory disclosure vulnerability exists in the HTTPS or SFTP server of multiple Huawei products, which allows remote attackers to conduct denial-of-service attacks by logging in and out of the HTTPS or SFTP server to consume memory...

CVSS 6.8 | AI score 6.8 | EPSS 0.01114
Exploits: 0 | References: 1