282 matches found
CVE-2024-28063
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
CVE-2024-28064
Kiteworks Totemomail 7.x–8.2.1 is vulnerable to directory traversal via the /responsiveUI/EnvelopeOpenServlet endpoint using the messageId parameter, enabling unauthenticated read, delete, and write operations. Root cause involves directory traversal in the EnvelopeOpenServlet handling of message...
CVE-2024-28063
Kiteworks Totemomail up to version 7.0.0 is affected by a reflected XSS vulnerability in the /responsiveUI/EnvelopeOpenServlet endpoint via the envelopeRecipient parameter. This is corroborated by multiple sources in the connected set, including PT-2024-22244, which details the endpoint and param...
PT-2024-22244 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions through 7.0.0 Description: The issue allows for reflected XSS through the /responsiveUI/EnvelopeOpenServlet endpoint, specifically targeting the envelopeRecipient parameter. This enables potential attackers to...
Accellion Kiteworks security vulnerability
Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.x and version 8.x prior to 8.3.0, which stems from the presence of directory traversal that can lead to unauthenticated file read, file delete, and file write operations...
PT-2024-22245 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions 7.x through 8.2.1 Description: The issue allows for directory traversal, enabling unauthenticated file read and delete operations, as well as write operations, through the /responsiveUI/EnvelopeOpenServlet...
Accellion Kiteworks security vulnerability
Accellion Kiteworks is a private cloud file sharing solution. A security vulnerability exists in Accellion Kiteworks version 7.0.0 and earlier, which stems from the presence of reflective cross-site scripting...
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...
Code injection
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...
CVE-2022-24110
CVE-2022-24110 affects Kiteworks MFT 7.5, where an unauthorized user could reset other users’ passwords. The issue is resolved in version 7.6 and later. The connected Red Hat, NVD, and other entries corroborate that the vulnerability exists in 7.5 and the remediation is upgrading to 7.6+; no expl...
Kiteworks MFT security vulnerability
Kiteworks MFT is software from Kiteworks USA for securely managing internal and external data transfers. A security vulnerability exists in Kiteworks MFT that could allow an unauthorized user to reset another user's password. This issue is fixed in version 7.6 and later...
PT-2022-16471 · Kiteworks · Kiteworks Mft
Name of the Vulnerable Software and Affected Versions: Kiteworks MFT version 7.5 Description: The issue allows an unauthorized user to reset other users' passwords. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents...