
7 matches found

NVD
added 2017/08/22 3:29 p.m. | 14 views

CVE-2015-2857

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...

CVSS 9.8 | AI score 9.7 | EPSS 0.86696
Exploits: 11 | References: 4

Prion
added 2017/08/22 3:29 p.m. | 11 views

Authentication flaw

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...

CVSS 7.5 | AI score 8.1 | EPSS 0.86696
Exploits: 12 | References: 4 | Affected Software: 1

Cvelist
added 2017/08/22 3:0 p.m. | 17 views

CVE-2015-2857

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter...

AI score 9.7 | EPSS 0.86696
Exploits: 11 | References: 4

CVE
added 2017/08/22 3:0 p.m. | 60 views

CVE-2015-2857

CVE-2015-2857 affects Accellion File Transfer Appliance (FTA) prior to FTA_9_11_210. The vulnerability allows remote code execution via shell metacharacters in the oauth_token parameter, caused by insufficient input sanitization. Public references and sightings indicate exploit tooling exists (e.g...

CVSS 9.8 | AI score 9.6 | EPSS 0.86696
Exploits: 11 | References: 4 | Affected Software: 1

Check Point Advisories
added 2016/09/25 12:0 a.m. | 2 views

Accellion FTA getStatus verify_oauth_token Command Execution (CVE-2015-2857)

A command execution vulnerability exists in Accellion File Transfer Appliance. The vulnerability is due to insufficient sanitization of the oauth_token parameter. A remote attacker can exploit this vulnerability by sending a crafted request to the affected appliance...

CVSS 7.5 | AI score 5.3 | EPSS 0.86696
Exploits: 11

Tenable Nessus
added 2015/07/27 12:0 a.m. | 64 views

Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution

The remote Accellion Secure File Transfer Appliance is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input to the 'oauth_token' parameter in the getoauthcustomername and verify_oauth_token functions. The parameter is passed to a system command...

CVSS 9.8 | AI score 8.7 | EPSS 0.86696
Exploits: 12 | References: 2

Saint
added 2015/07/16 12:0 a.m. | 37 views

Accellion FTA getStatus command injection

Added: 07/16/2015. CVE: CVE-2015-2857. Background: The Accellion File Transfer Appliance is a solution for secure file sharing. Problem: A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauth_token parameter to the getStatus action. Resolution...

CVSS 9.2 | AI score 10 | EPSS 0.86696
Exploits: 11