12649 matches found
CVE-2021-38159
In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...
CVE-2021-22572
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...
CVE-2020-7659
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...
CVE-2020-8503
Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...
CVE-2020-35884
An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...
CVE-2020-8611
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...
CVE-2020-6835
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking...
CVE-2020-36502
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...
CVE-2020-0232
Function abcpcieissuedmaxfersync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abcpciedmauserxferclean. If this happens, abcpciestartdmaxfer and...
CVE-2020-8796
Biscom Secure File Transfer SFT before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server...
CVE-2020-3674
Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55,...
CVE-2020-36486
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...
CVE-2020-14294
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...
CVE-2020-1255
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-1112
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-0787
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
CVE-2020-29137
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface SEC-577...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
CVE-2020-13246
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another...
CVE-2020-8612
In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...