Filtered by vendor Accellion Subscriptions
Total 42 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-8788 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2017-8304 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
CVE-2017-8303 1 Accellion 1 File Transfer Appliance 2024-11-21 9.8 Critical
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
CVE-2016-9500 1 Accellion 1 Ftp Server 2024-11-21 N/A
Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.
CVE-2016-9499 1 Accellion 1 Ftp Server 2024-11-21 N/A
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
CVE-2016-5664 1 Accellion 1 Kiteworks Appliance 2024-11-21 N/A
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
CVE-2016-5663 1 Accellion 1 Kiteworks Appliance 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
CVE-2016-5662 1 Accellion 1 Kiteworks Appliance 2024-11-21 N/A
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
CVE-2016-2353 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVE-2016-2352 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
CVE-2016-2351 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.
CVE-2016-2350 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.
CVE-2015-2857 1 Accellion 1 File Transfer Appliance 2024-11-21 9.8 Critical
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CVE-2015-2856 1 Accellion 1 File Transfer Appliance 2024-11-21 N/A
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
CVE-2009-4648 1 Accellion 1 Secure File Transfer Appliance 2024-11-21 N/A
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
CVE-2009-4647 1 Accellion 1 Secure File Transfer Appliance 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
CVE-2009-4646 1 Accellion 1 Secure File Transfer Appliance 2024-11-21 N/A
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
CVE-2009-4645 1 Accellion 1 Secure File Transfer Appliance 2024-11-21 N/A
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2009-4644 1 Accellion 1 Secure File Transfer Appliance 2024-11-21 N/A
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.