CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8788
https://notcve.org/view.php?id=CVE-2017-8788
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Hay una vulnerabilidad de CRLF en settings_global_text_edit.php permitiendo ataques ? • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8791
https://notcve.org/view.php?id=CVE-2017-8791
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. Existe un vector de ataque CRLF home/seos/courier/login.html auth_params . • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8790
https://notcve.org/view.php?id=CVE-2017-8790
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. El parámetro "filter" POST home/seos/courier/ldaptest.html puede utilizarse para inyección LDAP. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-2350
https://notcve.org/view.php?id=CVE-2016-2350
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. Múltiples vulnerabilidades de XSS sobre el Accellion File Transfer Appliance (FTA) en versiones anteriores a FTA_9_12_40 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la entrada no especificada a (1) getimageajax.php, (2) move_partition_frame.html o (3) wmInfo.html. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver http://www.kb.cert.org/vuls/id/505560 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-2353
https://notcve.org/view.php?id=CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. El Accellion File Transfer Appliance (FTA) en versiones anteriores a FTA_9_12_40 permite a usuarios locales añadir una clave SSH a un grupo arbitrario, y consecuentemente obtener privilegios, a través de vectores no especificados. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver http://www.kb.cert.org/vuls/id/505560 • CWE-264: Permissions, Privileges, and Access Controls •