Lucene search
K

50 matches found

Cvelist
Cvelist
added 2016/02/10 3:0 p.m.33 views

CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...

6.1AI score0.03111EPSS
Exploits3References4
CVE
CVE
added 2016/02/10 3:0 p.m.64 views

CVE-2015-7677

CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...

4.3CVSS4.3AI score0.02954EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2016/02/10 3:0 p.m.45 views

CVE-2015-7675

The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...

6.5CVSS6.1AI score0.03111EPSS
Exploits3References4Affected Software2
CVE
CVE
added 2016/02/10 3:0 p.m.38 views

CVE-2015-7679

CVE-2015-7679 is a Cross-Site Scripting (XSS) vulnerability in Ipswitch MOVEit Mobile prior to version 1.2.2. The issue allows an attacker to inject arbitrary script/HTML via the query string to the mobile/ endpoint. Connected sources specify MOVEit Mobile affected versions include 1.2.0.962 and ...

6.1CVSS6AI score0.01429EPSS
Exploits2References4Affected Software1
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.51 views

Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery

Profundis Labs - Security Advisory Vulnerablity Title ================== MOVEit Filetransfer Cross Site Request Forgery Vulnerability CVE-2015-7678 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets...

6.8CVSS8.9AI score0.00909EPSS
Exploits1
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.49 views

Ipswitch MOVEit DMZ 8.1 Information Disclosure

Profundis Labs - Security Advisory Vulnerablity Title ================== Enumeration of existing usernames Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view, secure, and control all...

5CVSS5.6AI score0.02149EPSS
Exploits2
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.77 views

Ipswitch MOVEit DMZ 8.1 Authorization Bypass

Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit web and mobile application allows for unauthorized access to arbitrary files and documents Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is a...

4CVSS5.5AI score0.03111EPSS
Exploits3
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.113 views

Ipswitch MOVEit DMZ 8.1 File ID Enumeration

Profundis Labs - Security Advisory Vulnerablity Title ================== A security issue in MOVEit application allows the enumeration of existing FileIDs CVE-2015-7677 Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file...

4CVSS5.5AI score0.03111EPSS
Exploits3
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.98 views

Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Scripting

Profundis Labs - Security Advisory Vulnerablity Title ================== Missing input validation vulnerability Reflected XSS Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated file transfer system that lets you manage, view,...

4.3CVSS6.4AI score0.01429EPSS
Exploits2
Packet Storm
Packet Storm
added 2016/01/28 12:0 a.m.65 views

Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting

Profundis Labs - Security Advisory Vulnerability Title ================== Persistent Cross-Site-Scripting XSS vulnerability by file upload due to insecure default configuration Vendor: ======= Ipswitch, Inc http://www.ipswitchft.com Product: ======== MOVEit File Transfer MOVEit is an automated fi...

3.5CVSS5.6AI score0.01778EPSS
Exploits2
Rows per page
Query Builder