CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 3CVE-2008-7012 – Accellion File Transfer Appliance Error Report Message - Open Email Relay
https://notcve.org/view.php?id=CVE-2008-7012
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters. courier/1000@/api_error_email.html (tambien conocido como "error reporting page") en Accellion File Transfer Appliance FTA_7_0_178, y posiblemente otras versiones anteriores de FTA_7_0_189, permite a atacantes remotos enviar spam a través de los parámetros modificados "description" y "client_email parameter". • https://www.exploit-db.com/exploits/32382 http://osvdb.org/48242 http://secunia.com/advisories/31848 http://www.securityfocus.com/bid/31178 http://www.securitytracker.com/id?1020870 http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/45159 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3850 – Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3850
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Accellion File Transfer FTA_7_0_135 permite a atacantes remotos inyectar web script o HTML a través de PATH_INFO de courier/forgot_password.html. • https://www.exploit-db.com/exploits/32290 http://secunia.com/advisories/31572 http://www.securityfocus.com/bid/30796 http://zebux.free.fr/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/44641 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •