Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
secure file transfer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4644
Accellion Secure File Transfer Appliance prior to 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
Accellion Secure File Transfer Appliance 7 0 296
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
NA
CVE-2009-4645
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance prior to 8_0_105 allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter.
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 296
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
1 EDB exploit
NA
CVE-2009-4648
Accellion Secure File Transfer Appliance prior to 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/...
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 178
Accellion Secure File Transfer Appliance 7 0 189
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 296
1 EDB exploit
NA
CVE-2009-4647
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance prior to 7_0_296 allows remote malicious users to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance 7 0 259
Accellion Secure File Transfer Appliance 7 0 178
Accellion Secure File Transfer Appliance 7 0 189
NA
CVE-2008-7012
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote malicious users to send spam e-mail via modified description and client_email parameters.
Accellion Secure File Transfer Appliance 7 0 135
Accellion Secure File Transfer Appliance
1 EDB exploit
9.8
CVSSv3
CVE-2020-8796
Biscom Secure File Transfer (SFT) prior to 5.1.1071 and 6.0.1xxx prior to 6.0.1005 allows Remote Code Execution on the server.
Biscom Secure File Transfer
8.1
CVSSv3
CVE-2016-10710
Biscom Secure File Transfer (SFT) 5.0.1000 up to and including 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
Biscom Secure File Transfer
6.5
CVSSv3
CVE-2020-8503
Biscom Secure File Transfer (SFT) 5.0.1050 up to and including 5.1.1067 and 6.0.1000 up to and including 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Biscom Secure File Transfer
6.5
CVSSv3
CVE-2020-27646
Biscom Secure File Transfer (SFT) prior to 5.1.1082 and 6.x prior to 6.0.1011 allows user credential theft.
Biscom Secure File Transfer
5.4
CVSSv3
CVE-2017-5241
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane ...
Biscom Secure File Transfer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »