Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accellion fta vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2016-2352
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8789
An issue exists on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8304
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8791
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8788
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8792
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8795
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8303
An issue exists on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8790
An issue exists on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8796
An issue exists on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
Accellion File Transfer Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »