CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-5623 – Accellion File Transfer Appliance Improper Neutralization of Special Elements used in a Command ('Command Injection')
https://notcve.org/view.php?id=CVE-2019-5623
29 Apr 2020 — Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). Accellion File Transfer Appliance versión FTA_8_0_540, sufre una instancia CWE-77: Neutralización Inapropiada de Elementos Especiales usados en un Comando ("Command Injection"). • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5622 – Accellion File Transfer Appliance Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2019-5622
29 Apr 2020 — Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. Accellion File Transfer Appliance versión FTA_8_0_540, sufre de una instancia CWE-798: Uso de Credenciales Embebidas. • https://www.rapid7.com/db/modules/exploit/linux/misc/accellion_fta_mpipe2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 72%CPEs: 1EXPL: 2CVE-2015-2856 – Accellion FTA Statecode Cookie Arbitrary File Read
https://notcve.org/view.php?id=CVE-2015-2856
10 Oct 2017 — Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. Vulnerabilidad de salto de directorio en la función template en function.inc en dispositivos Accellion File Transfer Appliance anteriores a FTA_9_11_210 permite que atacantes remotos lean archivos arbitrarios mediante un .. (punto punto) en la cookie statecode. • https://packetstorm.news/files/id/181070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 1CVE-2017-8303
https://notcve.org/view.php?id=CVE-2017-8303
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. Se ha descubierto un fallo en los dispositivos Accellion FTA en versiones anteriores a la FTA_9_12_180. seos/1000/find.api permite la ejecución remota de código en metacaracteres shell en el parámetro method. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8304
https://notcve.org/view.php?id=CVE-2017-8304
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. Se ha descubierto un fallo en los dispositivos Accellion FTA en versiones anteriores a la FTA_9_12_180. courier/1000@/oauth/playground/callback.html permite Cross-Site Scripting (XSS) con un URI manipulado. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2017-8760
https://notcve.org/view.php?id=CVE-2017-8760
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. Se detectó un problema en los dispositivos FTA anterior a versión FTA_9_12_180 de Accellion. • https://github.com/Voraka/cve-2017-8760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8788
https://notcve.org/view.php?id=CVE-2017-8788
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. Se descubrió un problema en los dispositivos Accellion FTA anteriores a FTA_9_12_180. Hay una vulnerabilidad de CRLF en settings_global_text_edit.php permitiendo ataques ? • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8789
https://notcve.org/view.php?id=CVE-2017-8789
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. Se descubrió un problema en los dispositivos FTA anteriores a FTA_9_12_180. Existe un vector de inyección SQL report_error.php? • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8790
https://notcve.org/view.php?id=CVE-2017-8790
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. El parámetro "filter" POST home/seos/courier/ldaptest.html puede utilizarse para inyección LDAP. • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8791
https://notcve.org/view.php?id=CVE-2017-8791
05 May 2017 — An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. Se descubrió un problema en los dispositivos Accellion FTA anteriores a la versión FTA_9_12_180. Existe un vector de ataque CRLF home/seos/courier/login.html auth_params . • https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •