CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 2CVE-2009-4644
https://notcve.org/view.php?id=CVE-2009-4644
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. Accellion Secure File Transfer Appliance anterior a v8_0_105 permite a los administradores remotos autenticados evitar el shell restringido y ejecutar comandos a su elección mediante metacaracteres en el comando ping, como lo demuestra la modificación del programa cli. • http://www.portcullis-security.com/338.php http://www.securityfocus.com/bid/38176 https://exchange.xforce.ibmcloud.com/vulnerabilities/56248 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 3CVE-2009-4645 – Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2009-4645
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. Vulnerabilidad de salto de directorio en web_client_user_guide.html en Accellion Secure File Transfer Appliance anterior a v8_0_105 permite a atacantes remotos leer ficheros a su elección a través de un .. (punto punto) en el parámetro lang. • https://www.exploit-db.com/exploits/33622 http://secunia.com/advisories/38538 http://www.portcullis-security.com/340.php http://www.securityfocus.com/bid/38176 https://exchange.xforce.ibmcloud.com/vulnerabilities/56246 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 3CVE-2009-4648 – Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
https://notcve.org/view.php?id=CVE-2009-4648
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command. Accellion Secure File Transfer Appliance anterior a v8_0_105 no restringe adecuadamente el acceso a los comandos sensibles y argumentos que se ejecuta con privilegios sudo adicionales, lo cual permite a los administradores locales obtener privilegios a través de (1)argumentos a su elección en la acción --file_move en /usr/local/bin/admin.pl, o un ataque de enlace duro en (2) chmod o (3) un cierto comando cp. • https://www.exploit-db.com/exploits/33623 http://www.portcullis-security.com/338.php http://www.securityfocus.com/bid/38176 https://exchange.xforce.ibmcloud.com/vulnerabilities/56248 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 3CVE-2008-7012 – Accellion File Transfer Appliance Error Report Message - Open Email Relay
https://notcve.org/view.php?id=CVE-2008-7012
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters. courier/1000@/api_error_email.html (tambien conocido como "error reporting page") en Accellion File Transfer Appliance FTA_7_0_178, y posiblemente otras versiones anteriores de FTA_7_0_189, permite a atacantes remotos enviar spam a través de los parámetros modificados "description" y "client_email parameter". • https://www.exploit-db.com/exploits/32382 http://osvdb.org/48242 http://secunia.com/advisories/31848 http://www.securityfocus.com/bid/31178 http://www.securitytracker.com/id?1020870 http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/45159 •