Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
managed file transfer vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2020-9413
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an malicious user to craft an UR...
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Command Center
6.8
CVSSv2
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client prior to 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Solarwinds Serv-u Managed File Transfer
Solarwinds Serv-u Managed File Transfer 15.1.6
6.4
CVSSv2
CVE-2014-7194
TIBCO Managed File Transfer Internet Server prior to 7.2.4, Managed File Transfer Command Center prior to 7.2.4, Slingshot prior to 1.9.3, and Vault prior to 1.1.1 allow remote malicious users to obtain sensitive information or modify data by leveraging agent access.
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Command Center
Tibco Slingshot
Tibco Vault
4
CVSSv2
CVE-2015-5711
TIBCO Managed File Transfer Internet Server prior to 7.2.5, Managed File Transfer Command Center prior to 7.2.5, Slingshot prior to 1.9.4, and Vault prior to 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request.
Tibco Managed File Transfer Internet Server
Tibco Vault
Tibco Managed File Transfer Command Center
Tibco Slingshot
4
CVSSv2
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.
Accellion Managed File Transfer
NA
CVE-2021-46830
A path traversal vulnerability exists within GoAnywhere MFT prior to 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain acce...
Helpsystems Goanywhere Managed File Transfer
NA
CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Fortra Goanywhere Managed File Transfer
1 Metasploit module
6 Github repositories
2 Articles
3.7
CVSSv2
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local malicious user to perform actions with the privileges of the user that t...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Oracle Managed File Transfer 12.2.1.3.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2012-3294
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and previous versions, and WebSphere MQ - Managed File Transfer 7.5, allow remote malicious users to hijack the authentication of arbitrary user...
Ibm Websphere Mq 7.0.4.0
Ibm Websphere Mq 7.0.2.2
Ibm Websphere Mq 7.0.2.0
Ibm Websphere Mq
Ibm Websphere Mq Managed File Transfer 7.5
Ibm Websphere Mq 7.0.1.0
Ibm Websphere Mq 7.0.0.1
Ibm Websphere Mq 7.0
1 EDB exploit
5
CVSSv2
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Graph Server And Client 21.3.0
Oracle Database 21c
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »