Lucene search
K
IpswitchMoveit Dmz

5 matches found

CVE
CVE
added 2017/05/18 6:13 a.m.67 views

CVE-2017-6195

CVE-2017-6195 concerns pre-authentication blind SQL injection in Ipswitch MOVEit Transfer (now Progress MOVEit Transfer) and MOVEit DMZ. Affected products include MOVEit Transfer (2017) and MOVEit DMZ, with fixed versions MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.2...

9.8CVSS9.8AI score0.01989EPSS
CVE
CVE
added 2016/02/10 3:0 p.m.64 views

CVE-2015-7677

CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue exposes information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...

4.3CVSS4.3AI score0.02954EPSS
Web
CVE
CVE
added 2016/02/10 3:0 p.m.49 views

CVE-2015-7680

Ipswitch MOVEit DMZ before 8.2 is affected. An unauthenticated attacker can enumerate valid usernames by sending SOAP requests to machine.aspx, due to different error messages depending on account existence. Root cause: inconsistent error handling that leaks existence information. Impact: informa...

5.3CVSS5.4AI score0.02149EPSS
CVE
CVE
added 2016/02/10 3:0 p.m.45 views

CVE-2015-7675

The CVE-2015-7675 issue affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the Send as attachment workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...

6.5CVSS6.1AI score0.03111EPSS
Web
CVE
CVE
added 2016/04/15 3:0 p.m.41 views

CVE-2015-7676

CVE-2015-7676 affects Ipswitch MOVEit File Transfer (DMZ) 8.1 and earlier when configured to support file view on download. The root cause is insecure default configuration that allows uploading HTML files, enabling remote authenticated users to perform cross-site scripting (XSS) attacks. Impact ...

5.4CVSS5AI score0.01778EPSS