21 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-22493

Malicious code in bioql PyPI...

7.2 CVSS · 7.1 AI score · 0.01044 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-22492

Malicious code in bioql PyPI...

5.3 CVSS · 5.8 AI score · 0.00293 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 10:1 a.m. · 17 views

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5.3 CVSS · 6.9 AI score · 0.00293 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:2 p.m. · 6 views

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

7.2 CVSS · 7.4 AI score · 0.01044 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/12/23 12:0 a.m. · 14 views

Fortra FileCatalyst Direct Directory Traversal (CVE-2024-25154) (Version Check)

The version of Fortra FileCatalyst Direct running on the remote host is prior to 3.8.9. It is, therefore, affected by a number of vulnerabilities - Improper URL validation allows path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to retu...

7.2 CVSS · 7 AI score · 0.01044 EPSS
Exploits 0 · References 2

CVE
added 2024/06/18 2:11 p.m. · 47 views

CVE-2024-5275

CVE-2024-5275 involves a hard-coded password in the FileCatalyst TransferAgent that can unlock the keystore and expose contents such as private keys, enabling potential MiTM on affected users. Affected products and versions: FileCatalyst Direct 3.8.10 Build 138 and earlier, and FileCatalyst Workf...

7.8 CVSS · 7.5 AI score · 0.00048 EPSS
Exploits 0 · References 2

CNNVD
added 2024/06/18 12:0 a.m. · 1 view

FileCatalyst Direct Security Vulnerability

FileCatalyst Direct is a pure software solution that uses a server-client architecture to manage and accelerate file transfers. A security vulnerability exists in FileCatalyst Direct 3.8.10 Build 138 and earlier and FileCatalyst Workflow 5.1.6 Build 130 and earlier, which stems from the presence ...

7.8 CVSS · 6.6 AI score · 0.00048 EPSS
Exploits 0 · References 3

The Hacker News
added 2024/03/18 12:58 p.m. · 49 views

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a...

9.8 CVSS · 9 AI score · 0.82216 EPSS
Exploits 4

OSV
added 2024/03/13 3:15 p.m. · 0 views

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2

NVD
added 2024/03/13 3:15 p.m. · 9 views

CVE-2024-25155

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

7.2 CVSS · 7.2 AI score · 0.01044 EPSS
Exploits 0 · References 2

NVD
added 2024/03/13 3:15 p.m. · 9 views

CVE-2024-25154

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5.3 CVSS · 5.3 AI score · 0.00293 EPSS
Exploits 0 · References 2

Prion
added 2024/03/13 3:15 p.m. · 14 views

Path traversal

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5 CVSS · 5.4 AI score · 0.00293 EPSS
Exploits 0 · References 2

Prion
added 2024/03/13 3:15 p.m. · 16 views

Design/Logic Flaw

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

6.4 CVSS · 7.2 AI score · 0.01044 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/03/13 2:15 p.m. · 16 views

CVE-2024-25155 Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

7.2 CVSS · 7.7 AI score · 0.01044 EPSS
Exploits 0 · References 2

Cvelist
added 2024/03/13 2:15 p.m. · 10 views

CVE-2024-25155 Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

7.2 CVSS · 7.4 AI score · 0.01044 EPSS
Exploits 0 · References 2

Cvelist
added 2024/03/13 2:13 p.m. · 29 views

CVE-2024-25154 Path Traversal in FileCatalyst Direct 3.8.8 and Earlier

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5.3 CVSS · 5.6 AI score · 0.00293 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/03/13 2:13 p.m. · 14 views

CVE-2024-25154 Path Traversal in FileCatalyst Direct 3.8.8 and Earlier

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5.3 CVSS · 7.1 AI score · 0.00293 EPSS
Exploits 0 · References 2

CVE
added 2024/03/13 2:13 p.m. · 41 views

CVE-2024-25154

CVE-2024-25154 affects FileCatalyst Direct 3.8.8 and earlier, due to improper URL validation that allows path traversal. An encoded payload can cause the web server to return files outside the web root, potentially leaking data. Public references in connected documents indicate remediation via up...

5.3 CVSS · 5.8 AI score · 0.00293 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/03/13 12:0 a.m. · 2 views

FileCatalyst Direct Security Vulnerability

FileCatalyst Direct is a pure software solution that uses a server-client architecture to manage and accelerate file transfers. A security vulnerability exists in FileCatalyst Direct versions 3.8.6 through 3.8.8 that stems from a reflective cross-site scripting XSS vulnerability in which the web...

7.2 CVSS · 5.8 AI score · 0.01044 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/03/13 12:0 a.m. · 2 views

PT-2024-20788 · Unknown · Filecatalyst Direct

Name of the Vulnerable Software and Affected Versions: FileCatalyst Direct versions 3.8.6 through 3.8.8 Description: The web server in FileCatalyst Direct does not properly sanitize illegal characters in a URL, which can be displayed on a subsequent error page. This allows a malicious actor to...

7.2 CVSS · 7.8 AI score · 0.01044 EPSS
Exploits 0 · References 8