File Transfer Appliance Security Vulnerabilities and Issues — File Transfer Appliance CVE List

Lucene search

AccellionFile Transfer Appliance

14 matches found

CVE•added 2017/08/22 3:29 p.m.•51 views

CVE-2015-2857

Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

9.8CVSS9.6AI score0.85425EPSS

CVE•added 2017/05/05 6:29 p.m.•47 views

CVE-2017-8789

An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.

9.8CVSS9.8AI score0.0025EPSS

CVE•added 2017/05/05 6:29 p.m.•44 views

CVE-2017-8791

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.

6.1CVSS6.3AI score0.0024EPSS

CVE•added 2017/10/10 1:29 p.m.•42 views

CVE-2015-2856

Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.

7.5CVSS8.4AI score0.71207EPSS

CVE•added 2017/05/05 6:29 p.m.•42 views

CVE-2017-8760

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payload...

6.1CVSS6AI score0.0104EPSS

CVE•added 2017/05/05 6:29 p.m.•41 views

CVE-2017-8790

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

9.8CVSS9.4AI score0.00486EPSS

CVE•added 2017/05/05 6:29 p.m.•41 views

CVE-2017-8794

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.

10CVSS8.9AI score0.00324EPSS

CVE•added 2017/05/05 6:29 p.m.•39 views

CVE-2017-8788

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.

6.1CVSS6.3AI score0.0024EPSS

CVE•added 2017/05/05 6:29 p.m.•38 views

CVE-2017-8303

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

9.8CVSS9.6AI score0.10236EPSS

CVE•added 2017/05/05 6:29 p.m.•38 views

CVE-2017-8793

An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site ac...

8.8CVSS8.5AI score0.00134EPSS

CVE•added 2017/05/05 6:29 p.m.•38 views

CVE-2017-8795

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.

6.1CVSS6AI score0.0024EPSS

CVE•added 2017/05/05 6:29 p.m.•38 views

CVE-2017-8796

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.

9.8CVSS9.8AI score0.00292EPSS

CVE•added 2017/05/05 6:29 p.m.•36 views

CVE-2017-8304

An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.

6.1CVSS6AI score0.0024EPSS

CVE•added 2017/05/05 6:29 p.m.•34 views

CVE-2017-8792

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.

6.1CVSS6AI score0.0024EPSS