CVE-2017-8788
https://notcve.org/view.php?id=CVE-2017-8788
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2017-8791
https://notcve.org/view.php?id=CVE-2017-8791
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2017-8304
https://notcve.org/view.php?id=CVE-2017-8304
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8789
https://notcve.org/view.php?id=CVE-2017-8789
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-8794
https://notcve.org/view.php?id=CVE-2017-8794
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-918: Server-Side Request Forgery (SSRF)