7 matches found
Authentication flaw
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...
CVE-2015-2857
CVE-2015-2857 affects Accellion File Transfer Appliance (FTA) prior to FTA_9_11_210. The vulnerability allows remote code execution via shell metacharacters in the oauth_token parameter, caused by insufficient input sanitization. Public references and sightings indicate exploit tooling exists (e.g...
Accellion FTA getStatus verify_oauth_token Command Execution (CVE-2015-2857)
A command execution vulnerability exists in the Accellion File Transfer Appliance. The vulnerability is due to insufficient sanitization of the oauth_token parameter. A remote attacker can exploit this vulnerability by sending a crafted request to the affected appliance...
Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution
The remote Accellion Secure File Transfer Appliance is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input to the 'oauth_token' parameter in the get_oauth_customer_name and verify_oauth_token functions. The parameter is passed to a system command...
Accellion FTA getStatus command injection
Added: 07/16/2015 CVE: CVE-2015-2857 Background The Accellion File Transfer Appliance is a solution for secure file sharing. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauth_token parameter to the getStatus action. Resolution...