Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file transfer appliance vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote malicious users to execute arbitrary SQL commands via the client_id parameter.
Accellion File Transfer Appliance
7.2
CVSSv2
CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8760
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to ...
Accellion File Transfer Appliance
6.8
CVSSv2
CVE-2017-8793
An issue exists on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the malicious use...
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8796
An issue exists on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8303
An issue exists on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8788
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8790
An issue exists on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8792
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
Accellion File Transfer Appliance
4.3
CVSSv2
CVE-2017-8795
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
Accellion File Transfer Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »
Vulmon