kiteworks.com Improper Access Control vulnerability OBB-2178611
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Accellion Kiteworks Elevation of Privilege Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
Accellion Kiteworks SQL Injection Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. A SQL injection vulnerability exists in Accellion Kiteworks versions prior to 7.4.0. An attacker could exploit the vulnerability to obtain sensitive database...
CVE-2021-31585
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access...
CVE-2021-31586
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search...
Design/Logic Flaw
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access...
SQL injection
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search...
CVE-2021-31586
Summary: Accellion Kiteworks affected versions prior to 7.4.0 have a SQL Injection vulnerability exposed through LDAPGroup Search. An authenticated user can trigger the flaw, potentially exposing sensitive database information. Affected product: Accellion Kiteworks (before 7.4.0). Vulnerability d...
CVE-2021-31585
The CVE-2021-31585 issue affects Accellion Kiteworks (before version 7.3.1). The root cause is an elevation-of-privilege flaw allowing a user with Admin privileges to generate SSH passwords that enable local access, effectively escalating privileges. Impact is described as privilege, authenticati...
Accellion Kiteworks Security Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
Accellion Kiteworks SQL Injection Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. A SQL injection vulnerability exists in Accellion Kiteworks versions prior to 7.4.0. An attacker could exploit the vulnerability to obtain sensitive database...
Accellion File Transfer Appliance Unsupported Version
The remote host is an Accellion File Transfer Appliance which is no longer supported by the vendor. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. (C) Tenable Network Security, Inc...
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting...
Accellion kiteworks authentication bypass vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An authentication bypass vulnerability exists in versions of Accellion kiteworks prior to 2017.01.00. A remote attacker could exploit the vulnerability by...
Authentication flaw
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...
CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token...