Lucene search
+L
AccellionFile Transfer Appliance

20 matches found

CVE
CVE
added 2017/08/22 3:0 p.m.73 views

CVE-2015-2857

CVE-2015-2857 affects Accellion File Transfer Appliance (FTA) prior to FTA_9_11_210. The vulnerability allows remote code execution via shell metacharacters in the oauth_token parameter, caused by insufficient input sanitization. Public references and sightings indicate exploit tooling exist (e.g...

9.8CVSS9.6AI score0.84178EPSS
Web
CVE
CVE
added 2017/05/05 6:0 p.m.65 views

CVE-2017-8789

Accellion FTA devices prior to FTA_9_12_180 are affected by a SQL injection in the report_error.php?year parameter. The issue allows a remote attacker to potentially execute arbitrary SQL commands against the backend database. Root cause is an injectable SQL vector in report_error.php, exposing c...

9.8CVSS9.8AI score0.01161EPSS
CVE
CVE
added 2017/10/10 1:0 p.m.59 views

CVE-2015-2856

CVE-2015-2856 affects Accellion File Transfer Appliance (FTA) prior to FTA_9_11_210. A directory traversal flaw in the template function of functions.inc allows remote attackers to read arbitrary files by manipulating the statecode cookie (statecode-based path traversal). Public exploit/module ex...

7.5CVSS8.4AI score0.56573EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.59 views

CVE-2017-8760

CVE-2017-8760: An XSS vulnerability affecting Accellion FTA devices prior to FTA_9_12_180. The flaw resides in the courier/1000@/index.html page via the auth_params parameter, with the device’s internal WAF filters unable to reliably block certain payloads; bypasses via URL-encoding and similar m...

6.1CVSS6AI score0.0123EPSS
Web
CVE
CVE
added 2017/05/05 6:0 p.m.58 views

CVE-2017-8791

CVE-2017-8791 affects Accellion FTA devices prior to FTA_9_12_180. The vulnerability is a CRLF injection in the login page parameter path: home/seos/courier/login.html auth_params, allowing a remote attacker to trigger a CRLF-based attack. Public sources in CNVD/NVD confirm a remote-exploitation ...

6.1CVSS6.3AI score0.00683EPSS
Web
CVE
CVE
added 2016/05/07 2:0 p.m.57 views

CVE-2016-2351

CVE-2016-2351 affects the Accellion File Transfer Appliance (FTA) prior to FTA_9_12_40. The vulnerability is an SQL injection in the file path home/seos/courier/security_key2.api that allows a remote attacker to execute arbitrary SQL commands via the client_id parameter, as documented by NVD and ...

9.8CVSS9.9AI score0.01579EPSS
Web
CVE
CVE
added 2017/05/05 6:0 p.m.57 views

CVE-2017-8790

Summary: CVE-2017-8790 concerns the Accellion FTA line prior to version FTA_9_12_180. The vulnerability is a LDAP Injection in the web interface, specifically the POST parameter filter in the path home/seos/courier/ldaptest.html. The root cause is improper handling of LDAP queries, allowing a rem...

9.8CVSS9.4AI score0.01373EPSS
Web
CVE
CVE
added 2016/05/07 2:0 p.m.56 views

CVE-2016-2350

CVE-2016-2350 refers to multiple XSS vulnerabilities in Accellion File Transfer Appliance (FTA) prior to FTA_9_12_40. The affected components are getimageajax.php, move_partition_frame.html, and wmInfo.html, which can be exploited by supplying input that results in arbitrary web script or HTML ex...

6.1CVSS7.1AI score0.00938EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.56 views

CVE-2017-8794

Vulnerability: Accellion FTA devices prior to FTA_9_12_180 are affected by CVE-2017-8794. Root cause: a regular expression intended to match local https URLs lacks the initial ^, allowing SSRF via courier/web/1000@/wmProgressval.html with crafted file:///etc/passwd#https:// URLs. Impact: server-s...

10CVSS8.9AI score0.01895EPSS
CVE
CVE
added 2016/05/07 2:0 p.m.55 views

CVE-2016-2353

The connected OpenVAS entry identifies multiple vulnerabilities in Accellion File Transfer Appliance (FTA) prior to FTA_9_12_40, including local privilege escalation by allowing a local user to add an SSH key to an arbitrary group, enabling privilege gain. The CVE-2016-2353 entry likewise describ...

7.8CVSS8.4AI score0.00473EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.54 views

CVE-2017-8788

CVE-2017-8788 affects Accellion FTA devices prior to FTA_9_12_180. A CRLF injection vulnerability exists in settings_global_text_edit.php that enables newline/CRLF payloads (e.g., ?display=x%0Dnewline) and, per CNVD/NVD records, can allow remote command execution. Impact details in the connected ...

6.1CVSS6.3AI score0.00683EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.53 views

CVE-2017-8795

Summary of CVE-2017-8795 (Accellion FTA) : A cross-site scripting (XSS) flaw exists in Accellion FTA devices before FTA_9_12_180, specifically in the page home/seos/courier/smtpg_add.html where the parameter is unsafely reflected. This affects Accellion FTA devices prior to the cited version; the...

6.1CVSS6AI score0.00683EPSS
Web
CVE
CVE
added 2017/05/05 6:0 p.m.53 views

CVE-2017-8796

CVE-2017-8796 affects Accellion FTA devices prior to FTA_9_12_180. The issue is a misuse of mysql_real_escape_string in seos/courier/communication_p2p.php, enabling SQL injection via the app_id parameter. Impact is high: potential for unauthorized data access/manipulation; CVSS v3.0 base score 9....

9.8CVSS9.8AI score0.01161EPSS
Web
CVE
CVE
added 2016/05/07 2:0 p.m.52 views

CVE-2016-2352

The CVE-2016-2352 entry concerns the Accellion File Transfer Appliance (FTA) prior to FTA_9_12_40. The vulnerability arises from the YUM_CLIENT restricted-user role, enabling remote authenticated users to execute arbitrary commands with elevated privileges. Public documentation across sources con...

8.8CVSS9.2AI score0.05381EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.52 views

CVE-2017-8793

CVE-2017-8793 affects Accellion FTA devices prior to FTA_9_12_180. A POST to home/seos/courier/web/wmProgressstat.html.php with an attacker-controlled acallow parameter can trigger an Access-Control-Allow-Origin header, bypassing Same-Origin Policy and granting the attacker site access. Severity ...

8.8CVSS8.5AI score0.00514EPSS
Web
CVE
CVE
added 2020/04/29 10:15 p.m.52 views

CVE-2019-5622

CVE-2019-5622 affects Accellion File Transfer Appliance (FTA_8_0_540) and is caused by CWE-798: Use of Hard-coded Credentials. Multiple connected records corroborate a hard-coded/default credential issue in the FTA, implying high impact with potential unauthorized access. The CVSS data (v2/v3) ci...

9.8CVSS9.6AI score0.01101EPSS
CVE
CVE
added 2020/04/29 10:15 p.m.52 views

CVE-2019-5623

CVE-2019-5623 affects Accellion File Transfer Appliance, specifically FTA_8_0_540, with a command injection flaw (CWE-77) arising from improper neutralization of input in the construction of executable commands. The vulnerability is network-exposed and could allow an attacker to execute commands ...

9.8CVSS9.6AI score0.01578EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.51 views

CVE-2017-8303

Summary : CVE-2017-8303 affects Accellion FTA devices prior to FTA_9_12_180. The connected CNVD/PRION/CVE records corroborate a vulnerability in seos/1000/find.api that enables Remote Code Execution via shell metacharacters in the method parameter. The core detail across sources is the affected s...

9.8CVSS9.6AI score0.2418EPSS
Web
CVE
CVE
added 2017/05/05 6:0 p.m.50 views

CVE-2017-8304

Accellion FTA devices prior to FTA_9_12_180 are affected by a cross-site scripting vulnerability in courier/1000@/oauth/playground/callback.html triggered by a crafted URI. CNVD/NVD entries corroborate a via-URL XSS in the Accellion FTA web UI, listed as CVE-2017-8304. The provided documents do n...

6.1CVSS6AI score0.00683EPSS
CVE
CVE
added 2017/05/05 6:0 p.m.49 views

CVE-2017-8792

The CVE-2017-8792 entry concerns Accellion FTA devices prior to FTA_9_12_180 with a Cross‑Site Scripting (XSS) flaw in the web page path home/seos/courier/user_add.html, exploitable via the parameter field. The connected documents consistently describe the vulnerability as XSS; no exploit details...

6.1CVSS6AI score0.00683EPSS
Web