7 matches found
CVE-2008-7012
CVE-2008-7012 affects the Accellion File Transfer Appliance FTA_7_0_178 (and possibly earlier versions before FTA_7_0_189). The vulnerability is in the courier/1000@/api_error_email.html (the error reporting page) and allows remote attackers to send spam emails by modifying the description and cl...
CVE-2009-4648
CVE-2009-4648 affects Accellion Secure File Transfer Appliance before 8_0_105. Root cause: access to sensitive commands run with extra sudo privileges is not properly restricted in /usr/local/bin/admin.pl, enabling local administrators to escalate privileges. Vulnerability vectors include (1) arb...
CVE-2009-4646
CVE-2009-4646 affects the Accellion Secure File Transfer Appliance. The available connected records describe a static code injection vulnerability in the appliance’s administrative web interface that allows remote authenticated administrators to inject arbitrary shell commands by appending them t...
CVE-2008-3850
CVE-2008-3850 is an XSS vulnerability in Accellion File Transfer FTA_7_0_135. The issue allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to courier/forgot_password.html. Affected product: Accellion File Transfer FTA_7_0_135. Root cause: improper handling of PATH_INFO l...
CVE-2009-4647
Affected product: Accellion Secure File Transfer Appliance. Vulnerability: Cross-site scripting (XSS) via the username parameter when the administrator views audit logs. Impact: remote attacker can inject arbitrary web script/HTML into the admin context. Root cause: improper handling of the usern...
CVE-2009-4644
The CVE-2009-4644 issue affects the Accellion Secure File Transfer Appliance, specifically versions prior to 8_0_105. It allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands by injecting shell metacharacters via the cli program (demonstrated wit...
CVE-2009-4645
CVE-2009-4645 affects Accellion Secure File Transfer Appliance (SFTA) before version 8_0_105. The issue is a directory traversal in web_client_user_guide.html triggered by a .. (dot dot) in the lang parameter, allowing remote attackers to read arbitrary files. The connected documents confirm the ...