
CVE-2016-2350
https://notcve.org/view.php?id=CVE-2016-2350
07 May 2016 — Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-2351
https://notcve.org/view.php?id=CVE-2016-2351
07 May 2016 — SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2016-2352
https://notcve.org/view.php?id=CVE-2016-2352
07 May 2016 — The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver • CWE-264: Permissions, Privileges, and Access Controls

CVE-2016-2353
https://notcve.org/view.php?id=CVE-2016-2353
07 May 2016 — The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. • http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-2857 – Accellion FTA - getStatus verify_oauth_token Command Execution
https://notcve.org/view.php?id=CVE-2015-2857
13 Jul 2015 — Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. • https://packetstorm.news/files/id/132665 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2009-4644
https://notcve.org/view.php?id=CVE-2009-4644
19 Feb 2010 — Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. • http://www.portcullis-security.com/338.php • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2009-4645 – Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2009-4645
19 Feb 2010 — Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. • https://www.exploit-db.com/exploits/33622 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2009-4646
https://notcve.org/view.php?id=CVE-2009-4646
19 Feb 2010 — Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. • http://secunia.com/advisories/38538 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-4647
https://notcve.org/view.php?id=CVE-2009-4647
19 Feb 2010 — Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs. • http://secunia.com/advisories/38522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-4648 – Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
https://notcve.org/view.php?id=CVE-2009-4648
19 Feb 2010 — Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command. • https://www.exploit-db.com/exploits/33623 • CWE-264: Permissions, Privileges, and Access Controls