CVE-2021-31586
https://notcve.org/view.php?id=CVE-2021-31586
Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.
• https://github.com/accellion/CVEs
• https://github.com/accellion/CVEs/blob/main/CVE-2021-31586.txt
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-31585
https://notcve.org/view.php?id=CVE-2021-31585
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.
• https://github.com/accellion/CVEs
• https://github.com/accellion/CVEs/blob/main/CVE-2021-31585.txt
CVE-2017-9421
https://notcve.org/view.php?id=CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
• https://github.com/jer1nj0y/Vulns/blob/master/Kiteworks%20Vulnerability
• CWE-287: Improper Authentication
CVE-2016-5664
https://notcve.org/view.php?id=CVE-2016-5664
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
• http://www.kb.cert.org/vuls/id/305607
• http://www.securityfocus.com/bid/92662
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-5663
https://notcve.org/view.php?id=CVE-2016-5663
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
• http://www.kb.cert.org/vuls/id/305607
• http://www.securityfocus.com/bid/92662
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')