Lucene search
K

50 matches found

NVD
NVD
added 2017/05/18 6:29 a.m.23 views

CVE-2017-6195

Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20...

9.8CVSS9.9AI score0.01989EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/05/18 6:13 a.m.24 views

CVE-2017-6195

Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20...

10AI score0.01989EPSS
Exploits0References2
Prion
Prion
added 2016/04/15 3:59 p.m.13 views

Cross site scripting

Ipswitch MOVEit File Transfer formerly DMZ 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting XSS attacks by uploading HTML files...

3.5CVSS5.6AI score0.01778EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2016/04/15 3:0 p.m.26 views

CVE-2015-7676

Ipswitch MOVEit File Transfer formerly DMZ 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting XSS attacks by uploading HTML files...

5.1AI score0.01778EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2016/03/25 12:0 a.m.76 views

Ipswitch MOVEit DMZ < 8.2 Multiple Vulnerabilities

The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 8.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Send as Attachment feature due to improper sanitization of user-supplied input to the 'serverFileIds' parameter of mobile/sendMsg and th...

6.5CVSS5.8AI score0.03111EPSS
Exploits5References5
NVD
NVD
added 2016/02/10 3:59 p.m.17 views

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

5.3CVSS5.7AI score0.02149EPSS
Exploits2References4
NVD
NVD
added 2016/02/10 3:59 p.m.17 views

CVE-2015-7679

Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...

6.1CVSS6.1AI score0.01429EPSS
Exploits2References4
NVD
NVD
added 2016/02/10 3:59 p.m.20 views

CVE-2015-7678

Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

8.8CVSS9AI score0.00909EPSS
Exploits1References3
NVD
NVD
added 2016/02/10 3:59 p.m.26 views

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

4.3CVSS4.8AI score0.02954EPSS
Exploits2References4
NVD
NVD
added 2016/02/10 3:59 p.m.16 views

CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...

6.5CVSS6.1AI score0.03111EPSS
Exploits3References4
Prion
Prion
added 2016/02/10 3:59 p.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8CVSS7.7AI score0.00909EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2016/02/10 3:59 p.m.11 views

Authentication flaw

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

5CVSS7.4AI score0.02149EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2016/02/10 3:59 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...

4.3CVSS6.1AI score0.01429EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2016/02/10 3:59 p.m.18 views

Code injection

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

4CVSS6.7AI score0.02954EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2016/02/10 3:59 p.m.14 views

Authorization

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...

4CVSS6.6AI score0.03111EPSS
Exploits3References4Affected Software2
Cvelist
Cvelist
added 2016/02/10 3:0 p.m.21 views

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

5.6AI score0.02149EPSS
Exploits2References4
CVE
CVE
added 2016/02/10 3:0 p.m.64 views

CVE-2015-7677

CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...

4.3CVSS4.3AI score0.02954EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2016/02/10 3:0 p.m.45 views

CVE-2015-7675

The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...

6.5CVSS6.1AI score0.03111EPSS
Exploits3References4Affected Software2
CVE
CVE
added 2016/02/10 3:0 p.m.38 views

CVE-2015-7679

CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...

6.1CVSS6AI score0.01429EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2016/02/10 3:0 p.m.44 views

CVE-2015-7678

CVE-2015-7678 affects Ipswitch MOVEit Mobile 1.2.0.962 and earlier. The issue is cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The connected materials confirm the product and vulnerability cla...

8.8CVSS8.9AI score0.00909EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder