CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8790
https://notcve.org/view.php?id=CVE-2017-8790
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. El parámetro "filter" POST home/seos/courier/ldaptest.html puede utilizarse para inyección LDAP. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8791
https://notcve.org/view.php?id=CVE-2017-8791
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. Existe un vector de ataque CRLF home/seos/courier/login.html auth_params . • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8792
https://notcve.org/view.php?id=CVE-2017-8792
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Existe un XSS home/seos/courier/user_add.html con el parámetro param. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8793
https://notcve.org/view.php?id=CVE-2017-8793
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Al enviar una solicitud POST a home/seos/courier/web/wmProgressstat.html.php con ... • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8794
https://notcve.org/view.php?id=CVE-2017-8794
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Debido a una expresión regular (destinada a coincidir con las URL https locales) carece de un carácter ^ inicial, courier/web/1000@/wmProgressval.html, que... • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8795
https://notcve.org/view.php?id=CVE-2017-8795
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. existe una vulnerabilidad de tipo XSS en home/seos/courier/smtpg_add.html con el parámetro param. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8796
https://notcve.org/view.php?id=CVE-2017-8796
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Debido a que mysql_real_escape_string es utilizado erróneamente, seos/courier/communication_p2p.php permite inyección SQL con el parámetro app_id. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5662
https://notcve.org/view.php?id=CVE-2016-5662
26 Aug 2016 — Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors. Accesorios Accellion Kiteworks en versiones anteriores a kw2016.03.00 usa permisos setuid-root para /opt/bin/cli, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/305607 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5663
https://notcve.org/view.php?id=CVE-2016-5663
26 Aug 2016 — Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. Múltiples vulnerabilidades de XSS en oauth_callback.php en accesorios Accellion Kiteworks en versiones anteriores a kw2016.03.00 permiten a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de (1) el código, (2) el error o (3... • http://www.kb.cert.org/vuls/id/305607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5664
https://notcve.org/view.php?id=CVE-2016-5664
26 Aug 2016 — Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. Vulnerabilidad de salto de directorio en accesorios Accellion Kiteworks en versiones anteriores a kw2016.03.00 permite a atacantes remotos leer archivos a través de una URI manipulada. • http://www.kb.cert.org/vuls/id/305607 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •