
CVE-2009-4644
https://notcve.org/view.php?id=CVE-2009-4644
19 Feb 2010 — Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. • http://www.portcullis-security.com/338.php • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2009-4645 – Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2009-4645
19 Feb 2010 — Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. • https://www.exploit-db.com/exploits/33622 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2009-4647
https://notcve.org/view.php?id=CVE-2009-4647
19 Feb 2010 — Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs. • http://secunia.com/advisories/38522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-4648 – Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
https://notcve.org/view.php?id=CVE-2009-4648
19 Feb 2010 — Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command. • https://www.exploit-db.com/exploits/33623 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-7012 – Accellion File Transfer Appliance Error Report Message - Open Email Relay
https://notcve.org/view.php?id=CVE-2008-7012
19 Aug 2009 — courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters. • https://www.exploit-db.com/exploits/32382

CVE-2008-3850 – Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3850
27 Aug 2008 — Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html. • https://www.exploit-db.com/exploits/32290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')