Lucene search
K

57 matches found

OpenVAS
OpenVAS
added 2015/04/22 12:0 a.m.21 views

Tumbleweed SecureTransport Detection

Detection of the installation and version of a Tumbleweed SecureTransport. The script sends HTTP GET requests and tries to confirm the Tumbleweed SecureTransport installation and version from the responses. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted fro...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2015/04/22 12:0 a.m.14 views

Axway SecureTransport Detection

Detection of the installation and version of a Axway SecureTransport. The script sends HTTP GET requests and tries to confirm the Axway SecureTransport installation and version from the responses. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2015/04/22 12:0 a.m.10 views

Tumbleweed SecureTransport Directory Traversal Vulnerability

Tumbleweed SecureTransport is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/04/22 12:0 a.m.27 views

Axway SecureTransport Directory Traversal Vulnerability

Axway SecureTransport is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.2AI score
Exploits0References2
NVD
NVD
added 2014/11/04 3:55 p.m.16 views

CVE-2013-7057

Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...

6.8CVSS7.2AI score0.01429EPSS
Exploits5References3
Prion
Prion
added 2014/11/04 3:55 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...

6.8CVSS7.7AI score0.01429EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2014/11/04 3:0 p.m.28 views

CVE-2013-7057

Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...

7.2AI score0.01429EPSS
Exploits5References3
CVE
CVE
added 2014/11/04 3:0 p.m.52 views

CVE-2013-7057

The CVE-2013-7057 issue affects Axway SecureTransport (5.1 SP2 and earlier). A CSRF flaw in the web API (api/v1.0/files/) allows an attacker to hijack the authenticated user and upload arbitrary files, potentially enabling web shells. Public sources (Seebug, Exploit-DB) describe arbitrary file up...

6.8CVSS7.3AI score0.01429EPSS
Exploits5References3Affected Software1
0day.today
0day.today
added 2014/10/28 12:0 a.m.44 views

Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF

Exploit for php platform in category web applications function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "...

6.8CVSS0.3AI score0.01429EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow

No description provided by source. $Id: tumbleweedfiletransfer.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1AI score
Exploits0
NVD
NVD
added 2014/02/27 1:55 a.m.31 views

CVE-2014-1263

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

4.3CVSS6.9AI score0.02862EPSS
Exploits2References11
Prion
Prion
added 2014/02/27 1:55 a.m.25 views

Code injection

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

4.3CVSS6.5AI score0.02862EPSS
Exploits2References11Affected Software1
CVE
CVE
added 2014/02/27 1:0 a.m.68 views

CVE-2014-1263

CVE-2014-1263 affects curl/libcurl 7.27.0–7.35.0 when using the SecureTransport/Darwinssl backend on macOS (OS X 10.9.x before 10.9.2). The flaw disables hostname verification for certificates when connecting to URLs that use IP addresses, allowing MITM attackers to spoof servers with arbitrary v...

4.3CVSS5.3AI score0.02862EPSS
Exploits2References11Affected Software1
Debian CVE
Debian CVE
added 2014/02/27 1:0 a.m.66 views

CVE-2014-1263

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

4.3CVSS6.1AI score0.02862EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/08/21 12:0 a.m.120 views

Tumbleweed SecureTransport vcst_eu.dll ActiveX Control Buffer Overflows

The remote host contains the TumbleWeed SecureTransport ActiveX control, used to perform secure file transfer functions. The version of this control on the remote host is reportedly affected by multiple stack-based buffer overflows. If an attacker can trick a user on the affected host into visiti...

9.3CVSS6.7AI score0.35128EPSS
Exploits4References2
NVD
NVD
added 2012/12/13 11:53 a.m.15 views

CVE-2012-4991

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...

8.5CVSS6.4AI score0.04553EPSS
Exploits4References1
Prion
Prion
added 2012/12/13 11:53 a.m.24 views

Directory traversal

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...

8.5CVSS6.9AI score0.04553EPSS
Exploits4References1Affected Software1
Cvelist
Cvelist
added 2012/12/13 11:0 a.m.24 views

CVE-2012-4991

Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...

6.4AI score0.04553EPSS
Exploits4References1
CVE
CVE
added 2012/12/13 11:0 a.m.57 views

CVE-2012-4991

CVE-2012-4991 concerns Axway SecureTransport 5.1 SP2 and earlier, where a path traversal vulnerability via a encoded backslash in a URI (..%5C) allows remote authenticated users to read, delete, create files, or list directories. Affected: SecureTransport on Windows; root cause is directory trave...

8.5CVSS6.5AI score0.04553EPSS
Exploits4References1Affected Software1
exploitpack
exploitpack
added 2012/12/12 12:0 a.m.60 views

Axway Secure Transport 5.1 SP2 - Directory Traversal

Axway Secure Transport 5.1 SP2 - Directory Traversal Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012 Vendors Affected: Axway http://www.axway.com Systems Affected: Secure Transport Problem: A path traversal vulnerability was identified in SecureTransport...

8.5CVSS0.1AI score0.04553EPSS
Exploits4
Rows per page
Query Builder