5 matches found
CVE-2017-6195
CVE-2017-6195 concerns pre-authentication blind SQL injection in Ipswitch MOVEit Transfer (now Progress MOVEit Transfer) and MOVEit DMZ. Affected products include MOVEit Transfer (2017) and MOVEit DMZ, with fixed versions MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.2...
CVE-2015-7677
CVE-2015-7677 affects Ipswitch MOVEit DMZ (before 8.2) via the MOVEitISAPI service. The issue is an information disclosure: remote authenticated users can enumerate FileIDs by sending a request to MOVEitISAPI/MOVEitISAPI.dll using the X-siLock-FileID parameter in a download action, taking advan...
CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 is affected. An unauthenticated attacker can enumerate valid usernames by sending SOAP requests to machine.aspx, due to different error messages depending on account existence. Root cause: inconsistent error handling that leaks existence information. Impact: informa...
CVE-2015-7675
CVE-2015-7675 affects Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2. It stems from improper authorization checks in the "Send as attachment" workflow: an authenticated attacker can supply a valid FileID via serverFileIds (mobile/sendMsg) or arg01 (human.aspx) to bypass aut...
CVE-2015-7676
CVE-2015-7676 affects Ipswitch MOVEit File Transfer (DMZ) 8.1 and earlier when configured to support file view on download. The root cause is an insecure default configuration that allows uploading HTML files, enabling remote authenticated users to perform cross-site scripting (XSS) attacks. Impact ...