Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accellion file transfer appliance vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2009-4645
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance prior to 8_0_105 allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter.
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 296
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
1 EDB exploit
7.2
CVSSv2
CVE-2009-4648
Accellion Secure File Transfer Appliance prior to 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/...
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 296
1 EDB exploit
9
CVSSv2
CVE-2009-4644
Accellion Secure File Transfer Appliance prior to 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
Accellion Secure File Transfer Appliance 7 0 296
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
4.3
CVSSv2
CVE-2009-4647
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance prior to 7_0_296 allows remote malicious users to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 178
Accellion Secure File Transfer Appliance 7 0 189
7.8
CVSSv2
CVE-2008-7012
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote malicious users to send spam e-mail via modified description and client_email parameters.
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance
1 EDB exploit
7.5
CVSSv2
CVE-2017-8789
An issue exists on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8791
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
Accellion File Transfer Appliance
6.4
CVSSv2
CVE-2017-8794
An issue exists on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2016-2350
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote malicious users to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.ht...
Accellion File Transfer Appliance
6.5
CVSSv2
CVE-2016-2352
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
Accellion File Transfer Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »