50 matches found
CVE-2015-7675
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
CVE-2015-7677
CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...
CVE-2015-7675
The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...
CVE-2015-7679
CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery
Profundis Labs - Security Advisory Vulnerablity Title ================== MOVEit Filetransfer Cross Site Request Forgery Vulnerability CVE-2015-7678 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets...
Ipswitch MOVEit DMZ 8.1 Information Disclosure
Profundis Labs - Security Advisory Vulnerablity Title ================== Enumeration of existing usernames Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view, secure, and control all...
Ipswitch MOVEit DMZ 8.1 Authorization Bypass
Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit web and mobile application allows for unauthorized access to arbitrary files and documents Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is a...
Ipswitch MOVEit DMZ 8.1 File ID Enumeration
Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit application allows the enumeration of existing FileIDs CVE-2015-7677 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file...
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Scripting
Profundis Labs - Security Advisory Vulnerablity Title ================== Missing input validation vulnerability Reflected XSS Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view,...
Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting
Profundis Labs - Security Advisory Vulnerability Title ================== Persistent Cross-Site-Scripting XSS vulnerability by file upload due to insecure default configuration Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated fi...