1010 matches found
Ipswitch MOVEit DMZ < 8.2 Multiple Vulnerabilities
The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 8.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Send as Attachment feature due to improper sanitization of user-supplied input to the 'serverFileIds' parameter of mobile/sendMsg and th...
HPSBGN3547 rev.2 - HP Device Manager, Remote Read Access to Arbitrary Files
Potential Security Impact Remote read access to arbitrary files. Source: HP, HP Product Security Response Team PSRT VULNERABILITY SUMMARY Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. dot dot in the...
Ipswitch WhatsUp Gold Detection
Binary data ipswitchwhatsupgolddetect.nbin...
Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities
According to its self-reported version number, the version of Ipswitch WhatsUp Gold running on the remote host is prior to 16.4.0. It is, therefore, affected by the following vulnerabilities : - Multiple SQL injection vulnerabilities exist due to improper sanitization of user-supplied input to th...
CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...
CVE-2015-7679
Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...
CVE-2015-7678
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2015-7677
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
CVE-2015-7675
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
Authorization
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
Cross site scripting
Cross-site scripting XSS vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/...
Code injection
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Authentication flaw
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...
CVE-2015-7675
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...
CVE-2015-7678
Multiple cross-site request forgery CSRF vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 is affected. An unauthenticated attacker can enumerate valid usernames by sending SOAP requests to machine.aspx, due to different error messages depending on account existence. Root cause: inconsistent error handling that leaks existence information. Impact: informa...
CVE-2015-7677
CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...
CVE-2015-7678
CVE-2015-7678 affects Ipswitch MOVEit Mobile 1.2.0.962 and earlier. The issue is cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The connected materials confirm the product and vulnerability cla...
CVE-2015-7677
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...