CVE-2024-25153 – Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114
https://notcve.org/view.php?id=CVE-2024-25153
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells. Un directory traversal dentro del 'ftpservlet' de FileCatalyst Workflow Web Portal permite cargar archivos fuera del directorio 'uploadtemp' previsto con una solicitud POST especialmente manipulada. En situaciones en las que un archivo se carga correctamente en DocumentRoot del portal web, se pueden utilizar archivos JSP especialmente manipulados para ejecutar código, incluidos los shells web. • https://github.com/nettitude/CVE-2024-25153 https://github.com/rainbowhatrkn/CVE-2024-25153 https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html https://www.fortra.com/security/advisory/fi-2024-002 • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVE-2024-0204 – Authentication Bypass in GoAnywhere MFT
https://notcve.org/view.php?id=CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. La omisión de autenticación en GoAnywhere MFT de Fortra anterior a 7.4.1 permite a un usuario no autorizado crear un usuario administrador a través del portal de administración. • https://github.com/horizon3ai/CVE-2024-0204 https://github.com/m-cetin/CVE-2024-0204 https://github.com/cbeek-r7/CVE-2024-0204 https://github.com/adminlove520/CVE-2024-0204 http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml https://www.fortra.com/security/advisory/fi-2024-001 https://www.horizon3& • CWE-425: Direct Request ('Forced Browsing') •
CVE-2023-6253 – Saved Uninstall Key in Digital Guardian Agent Uninstaller
https://notcve.org/view.php?id=CVE-2023-6253
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versión 7.9.4 permite a un atacante local recuperar la clave de desinstalación y eliminar el software extrayendo la clave de desinstalación de la memoria del archivo de desinstalación. The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. • http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html http://seclists.org/fulldisclosure/2023/Nov/14 https://r.sec-consult.com/fortra https://www.fortra.com/security • CWE-922: Insecure Storage of Sensitive Information •
CVE-2021-26837
https://notcve.org/view.php?id=CVE-2021-26837
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. La vulnerabilidad de inyección SQL en el parámetro SearchTextBox en Fortra (Formerly HelpSystems) DeliverNow antes de la versión 1.2.18, permite a los atacantes ejecutar código arbitrario, escalar privilegios y obtener información sensible. • https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-0669 – Fortra GoAnywhere MFT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability. Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. • https://www.exploit-db.com/exploits/51339 https://github.com/Avento/CVE-2023-0669 https://github.com/0xf4n9x/CVE-2023-0669 https://github.com/yosef0x01/CVE-2023-0669-Analysis https://github.com/cataliniovita/CVE-2023-0669 http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft https:/ • CWE-502: Deserialization of Untrusted Data •