Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accellion vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2017-8794
An issue exists on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2017-8303
An issue exists on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
Accellion File Transfer Appliance
4
CVSSv2
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.
Accellion Managed File Transfer
4.3
CVSSv2
CVE-2017-8304
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance
5
CVSSv2
CVE-2015-2856
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote malicious users to read arbitrary files via a .. (dot dot) in the statecode cookie.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote malicious users to execute arbitrary SQL commands via the client_id parameter.
Accellion File Transfer Appliance
7.2
CVSSv2
CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
Accellion File Transfer Appliance
7.5
CVSSv2
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote malicious users to execute arbitrary code via shell metacharacters in the oauth_token parameter.
Accellion File Transfer Appliance
1 EDB exploit
7.5
CVSSv2
CVE-2019-5623
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
Accellion File Transfer Appliance 8 0 540
9
CVSSv2
CVE-2009-4646
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
Accellion Secure File Transfer Appliance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »