Lucene search
K

18 matches found

Packet Storm
Packet Storm
added 2025/05/29 12:0 a.m.87 views

📄 Fortra GoAnywhere MFT 7.4.1 Authentication Bypass

Fortra GoAnywhere MFT version 7.4.1 proof of concept authentication bypass exploit. !/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vend...

9.8CVSS7.7AI score0.95086EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.374 views

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft...

9.8CVSS7AI score0.95086EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2025/02/04 11:5 p.m.10 views

CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS6.8AI score0.95086EPSS
Exploits8References1
Rapid7 Blog
Rapid7 Blog
added 2024/02/09 7:35 p.m.50 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

7.5CVSS8.6AI score0.95086EPSS
Exploits13
Metasploit
Metasploit
added 2024/02/02 7:51 p.m.237 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable. Module Options m...

9.8CVSS8.1AI score0.95086EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.466 views

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...

9.8CVSS7.4AI score0.95086EPSS
Exploits8
Imperva Blog
Imperva Blog
added 2024/01/25 1:44 p.m.33 views

Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204

Recently, Fortra released a security advisory for CVE-2024-0204, a GoAnywhere MFT authentication bypass vulnerability. This bug allows an unauthenticated attacker to create an administrative user by exploiting an InitialAccountSetup.xhtml endpoint–accessible via path traversal–to initiate the...

7.5CVSS8AI score0.95086EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2024/01/25 1:32 p.m.38 views

Patch now! Fortra GoAnywhere MFT vulnerability exploit available

On January 22, 2024, software company Fortra warned customers about a new authentication bypass vulnerability impacting GoAnywhere MFT Managed File Transfer that allows an attacker to create a new admin user. Fortra GoAnywhere MFT is a file transfer solution that organizations use to exchange the...

7.5CVSS7.4AI score0.95086EPSS
Exploits8
VulnCheck KEV
VulnCheck KEV
added 2024/01/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS7.4AI score0.95086EPSS
Exploits8References1
GithubExploit
GithubExploit
added 2024/01/24 8:10 p.m.570 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Dee...

9.8CVSS9.9AI score0.95086EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/01/24 5:32 a.m.75 views

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....

9.8CVSS7.5AI score0.99999EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.36 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.4.1 Authentication Bypass (CVE-2024-0204)

Binary data fortragoanywheremftCVE-2024-0204.nbin...

9.8CVSS9.6AI score0.95086EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.41 views

Fortra GoAnywhere Managed File Transfer (MFT) < 7.4.1 Authentication Bypass (CVE-2024-0204)

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote web server is 7.4.1. It is, therefore, affected by an authentication bypass vulnerability. This can allow an unauthenticated attacker to create an admin user via the...

9.8CVSS8.7AI score0.95086EPSS
Exploits8References2
Circl
Circl
added 2024/01/22 7:22 p.m.63 views

CVE-2024-0204

creationtimestamp| type| source ---|---|--- 2024-01-22 19:22:23+00:00| seen| https://t.me/ctinow/171373 2024-01-23 22:49:18+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6481 2024-01-23 23:21:24+00:00| published-proof-of-concept| https://t.me/ctinow/172392 2024-01-24 03:16:10+00:0...

9.8CVSS7.1AI score0.95086EPSS
In wildExploits8References29
NVD
NVD
added 2024/01/22 6:15 p.m.25 views

CVE-2024-0204

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS9.5AI score0.95086EPSS
Exploits8References4
Vulnrichment
Vulnrichment
added 2024/01/22 6:5 p.m.6 views

CVE-2024-0204 Authentication Bypass in GoAnywhere MFT

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS7.1AI score0.95086EPSS
Exploits8References4
Cvelist
Cvelist
added 2024/01/22 6:5 p.m.53 views

CVE-2024-0204 Authentication Bypass in GoAnywhere MFT

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal...

9.8CVSS9.6AI score0.95086EPSS
Exploits8References4
CVE
CVE
added 2024/01/22 6:5 p.m.163 views

CVE-2024-0204

CVE-2024-0204 is a critical authentication-bypass vulnerability in Fortra GoAnywhere MFT prior to 7.4.1. An unauthenticated attacker can trigger a path traversal against the InitialAccountSetup.xhtml endpoint, bypass security filters, and create a new administrator account in the GoAnywhere admin...

9.8CVSS9.2AI score0.95086EPSS
In wildExploits8References4Affected Software1
Rows per page
Query Builder