Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accellion file transfer appliance vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
Accellion File Transfer Appliance
755
VMScore
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote malicious users to execute arbitrary code via shell metacharacters in the oauth_token parameter.
Accellion File Transfer Appliance
1 EDB exploit
668
VMScore
CVE-2017-8303
An issue exists on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
Accellion File Transfer Appliance
383
VMScore
CVE-2017-8304
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance
540
VMScore
CVE-2015-2856
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote malicious users to read arbitrary files via a .. (dot dot) in the statecode cookie.
Accellion File Transfer Appliance
384
VMScore
CVE-2017-8760
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to ...
Accellion File Transfer Appliance
383
VMScore
CVE-2017-8788
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
Accellion File Transfer Appliance
668
VMScore
CVE-2017-8790
An issue exists on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
Accellion File Transfer Appliance
383
VMScore
CVE-2017-8791
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
Accellion File Transfer Appliance
383
VMScore
CVE-2017-8792
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
Accellion File Transfer Appliance
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »