EUVD-2015-7579

Malware in sbrugna...

Progress MOVEit Transfer 2017 < 9.0.0.201, Ipswitch MOVEit DMZ < 8.2 / 8.2 < 8.2.0.20 / 8.3 < 8.3.0.30 SQL Injection (CVE-2017-6195)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by a pre-authentication blind SQL injection vulnerability as referenced in Progress Community article 000192008. - Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind...

Ipswitch MOVEit DMZ < 2024.0.0 (16_0_0)

The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 2024.0.0. It is, therefore, affected by a vulnerability as referenced in the 000258478 advisory. - The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficie...

CVE-2017-6195

Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20...

Ipswitch MOVEit DMZ < 8.2 Multiple Vulnerabilities

The version of Ipswitch MOVEit DMZ installed on the remote host is prior to 8.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Send as Attachment feature due to improper sanitization of user-supplied input to the 'serverFileIds' parameter of mobile/sendMsg and th...

Ipswitch MOVEit DMZ and MOVEit Mobile File Read Vulnerabilities

Ipswitch MOVEit is an automated file transfer system from Ipswitch USA. DMZ and Mobile are among the versions. Ipswitch MOVEit DMZ and MOVEit Mobile have a security vulnerability in the 'Send as attachment' function due to the mobile/sendMsg URI failing to adequately filter the ' serverFileIds'...

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

Code injection

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

Authentication flaw

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

CVE-2015-7677

The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll...

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx...

CVE-2015-7675

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the 1 serverFileIds parameter to mobile/sendMsg or 2 arg01 parameter to human.aspx...

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 is affected. An unauthenticated attacker can enumerate valid usernames by sending SOAP requests to machine.aspx, due to different error messages depending on account existence. Root cause: inconsistent error handling that leaks existence information. Impact: informa...