57 matches found
Tumbleweed SecureTransport Detection
Detection of the installation and version of a Tumbleweed SecureTransport. The script sends HTTP GET requests and tries to confirm the Tumbleweed SecureTransport installation and version from the responses. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted fro...
Axway SecureTransport Detection
Detection of the installation and version of a Axway SecureTransport. The script sends HTTP GET requests and tries to confirm the Axway SecureTransport installation and version from the responses. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a...
Tumbleweed SecureTransport Directory Traversal Vulnerability
Tumbleweed SecureTransport is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Axway SecureTransport Directory Traversal Vulnerability
Axway SecureTransport is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
CVE-2013-7057
Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...
CVE-2013-7057
Cross-site request forgery CSRF vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/...
CVE-2013-7057
The CVE-2013-7057 issue affects Axway SecureTransport (5.1 SP2 and earlier). A CSRF flaw in the web API (api/v1.0/files/) allows an attacker to hijack the authenticated user and upload arbitrary files, potentially enabling web shells. Public sources (Seebug, Exploit-DB) describe arbitrary file up...
Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF
Exploit for php platform in category web applications function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "...
Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow
No description provided by source. $Id: tumbleweedfiletransfer.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
CVE-2014-1263
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
Code injection
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
CVE-2014-1263
CVE-2014-1263 affects curl/libcurl 7.27.0–7.35.0 when using the SecureTransport/Darwinssl backend on macOS (OS X 10.9.x before 10.9.2). The flaw disables hostname verification for certificates when connecting to URLs that use IP addresses, allowing MITM attackers to spoof servers with arbitrary v...
CVE-2014-1263
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
Tumbleweed SecureTransport vcst_eu.dll ActiveX Control Buffer Overflows
The remote host contains the TumbleWeed SecureTransport ActiveX control, used to perform secure file transfer functions. The version of this control on the remote host is reportedly affected by multiple stack-based buffer overflows. If an attacker can trick a user on the affected host into visiti...
CVE-2012-4991
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...
Directory traversal
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...
CVE-2012-4991
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to 1 read, 2 delete, or 3 create files, or 4 list directories, via a ..%5C encoded dot dot backslash in a URI...
CVE-2012-4991
CVE-2012-4991 concerns Axway SecureTransport 5.1 SP2 and earlier, where a path traversal vulnerability via a encoded backslash in a URI (..%5C) allows remote authenticated users to read, delete, create files, or list directories. Affected: SecureTransport on Windows; root cause is directory trave...
Axway Secure Transport 5.1 SP2 - Directory Traversal
Axway Secure Transport 5.1 SP2 - Directory Traversal Secure Transport Path Traversal Vulnerability Public Disclosure Date: November 11, 2012 Vendors Affected: Axway http://www.axway.com Systems Affected: Secure Transport Problem: A path traversal vulnerability was identified in SecureTransport...