Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
managed file transfer vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-9414
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identi...
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Command Center
8.8
CVSSv3
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client prior to 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Solarwinds Serv-u Managed File Transfer
Solarwinds Serv-u Managed File Transfer 15.1.6
NA
CVE-2015-5711
TIBCO Managed File Transfer Internet Server prior to 7.2.5, Managed File Transfer Command Center prior to 7.2.5, Slingshot prior to 1.9.4, and Vault prior to 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request.
Tibco Managed File Transfer Internet Server
Tibco Vault
Tibco Managed File Transfer Command Center
Tibco Slingshot
NA
CVE-2014-7194
TIBCO Managed File Transfer Internet Server prior to 7.2.4, Managed File Transfer Command Center prior to 7.2.4, Slingshot prior to 1.9.3, and Vault prior to 1.1.1 allow remote malicious users to obtain sensitive information or modify data by leveraging agent access.
Tibco Managed File Transfer Internet Server
Tibco Managed File Transfer Command Center
Tibco Slingshot
Tibco Vault
6.5
CVSSv3
CVE-2022-24110
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later.
Accellion Managed File Transfer
6.5
CVSSv3
CVE-2021-46830
A path traversal vulnerability exists within GoAnywhere MFT prior to 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain acce...
Helpsystems Goanywhere Managed File Transfer
7.2
CVSSv3
CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Fortra Goanywhere Managed File Transfer
1 Metasploit module
6 Github repositories
2 Articles
7
CVSSv3
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local malicious user to perform actions with the privileges of the user that t...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Oracle Managed File Transfer 12.2.1.3.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2012-3294
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and previous versions, and WebSphere MQ - Managed File Transfer 7.5, allow remote malicious users to hijack the authentication of arbitrary user...
Ibm Websphere Mq 7.0.4.0
Ibm Websphere Mq 7.0.2.2
Ibm Websphere Mq 7.0.2.0
Ibm Websphere Mq
Ibm Websphere Mq Managed File Transfer 7.5
Ibm Websphere Mq 7.0.1.0
Ibm Websphere Mq 7.0.0.1
Ibm Websphere Mq 7.0
1 EDB exploit
7
CVSSv3
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note tha...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Database 21c
Oracle Siebel Ui Framework 21.9
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »