Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file transfer appliance vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-8791
An issue exists on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
Accellion File Transfer Appliance
383
VMScore
CVE-2017-8792
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
Accellion File Transfer Appliance
668
VMScore
CVE-2017-8796
An issue exists on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
Accellion File Transfer Appliance
668
VMScore
CVE-2017-8303
An issue exists on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
Accellion File Transfer Appliance
384
VMScore
CVE-2017-8760
An issue exists on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to ...
Accellion File Transfer Appliance
570
VMScore
CVE-2017-8794
An issue exists on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
Accellion File Transfer Appliance
641
VMScore
CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
Accellion File Transfer Appliance
755
VMScore
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote malicious users to execute arbitrary code via shell metacharacters in the oauth_token parameter.
Accellion File Transfer Appliance
1 EDB exploit
383
VMScore
CVE-2017-8304
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance
383
VMScore
CVE-2016-2350
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote malicious users to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.ht...
Accellion File Transfer Appliance
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »