
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier, allowing an encoded payload to cause the web server to return files located outside of the web root, which may lead to data leakage. • https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html https://www.fortra.com/security/advisory/fi-2024-003 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request. In situations where a file is successfully uploaded to the web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells. • https://github.com/nettitude/CVE-2024-25153 https://github.com/rainbowhatrkn/CVE-2024-25153 https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html https://www.fortra.com/security/advisory/fi-2024-002 • CWE-472: External Control of Assumed-Immutable Web Parameter

CVSS: 9.8 | EPSS: 54% | CPEs: 2 | EXPL: 4

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. • https://github.com/horizon3ai/CVE-2024-0204 https://github.com/m-cetin/CVE-2024-0204 https://github.com/cbeek-r7/CVE-2024-0204 https://github.com/adminlove520/CVE-2024-0204 http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml https://www.fortra.com/security/advisory/fi-2024-001 https://www.horizon3& • CWE-425: Direct Request ('Forced Browsing')

CVSS: 6.0 | EPSS: 0% | CPEs: 1 | EXPL: 3

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file. The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross-site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. • http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html http://seclists.org/fulldisclosure/2023/Nov/14 https://r.sec-consult.com/fortra https://www.fortra.com/security • CWE-922: Insecure Storage of Sensitive Information

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in the SearchTextBox parameter in Fortra (formerly HelpSystems) DeliverNow before version 1.2.18 allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. • https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')