CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').
References: https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.
References: https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2
CWE-798: Use of Hard-coded Credentials

CVSS: 7.5 | EPSS: 97% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
References: https://www.rapid7.com/db/modules/auxiliary/scanner/http/accellion_fta_statecode_file_read
https://www.rapid7.com/blog/post/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
References: https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
References: https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb
CWE-116: Improper Encoding or Escaping of Output