Search
Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5662 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-5663 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. | ||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | ||||
| CVE-2021-31586 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 8.8 High |
| Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. | ||||
| CVE-2021-31585 | 1 Accellion | 1 Kiteworks | 2024-11-21 | 6.7 Medium |
| Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. | ||||
| CVE-2017-9421 | 1 Accellion | 1 Kiteworks | 2024-11-21 | N/A |
| Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token. | ||||
Page 1 of 1.