Vulnerabilities (CVE)

Filtered by vendor Accellion
Total 42 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4645 1 Accellion 1 Secure File Transfer Appliance 2017-08-16 7.8 HIGH N/A
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2009-4648 1 Accellion 1 Secure File Transfer Appliance 2017-08-16 7.2 HIGH N/A
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
CVE-2008-7012 1 Accellion 1 Secure File Transfer Appliance 2017-08-16 7.8 HIGH N/A
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
CVE-2008-3850 1 Accellion 1 Secure File Transfer Appliance 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
CVE-2017-8788 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
CVE-2017-8794 1 Accellion 1 File Transfer Appliance 2017-05-17 6.4 MEDIUM 10.0 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
CVE-2017-8796 1 Accellion 1 File Transfer Appliance 2017-05-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
CVE-2017-8791 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
CVE-2017-8789 1 Accellion 1 File Transfer Appliance 2017-05-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
CVE-2017-8304 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
CVE-2017-8760 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVE-2017-8790 1 Accellion 1 File Transfer Appliance 2017-05-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
CVE-2017-8795 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
CVE-2017-8792 1 Accellion 1 File Transfer Appliance 2017-05-17 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
CVE-2016-5664 1 Accellion 1 Kiteworks Appliance 2016-11-28 5.0 MEDIUM 4.3 MEDIUM
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
CVE-2016-5663 1 Accellion 1 Kiteworks Appliance 2016-11-28 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
CVE-2016-5662 1 Accellion 1 Kiteworks Appliance 2016-11-28 7.2 HIGH 7.8 HIGH
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
CVE-2016-2351 1 Accellion 1 File Transfer Appliance 2016-05-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.
CVE-2016-2353 1 Accellion 1 File Transfer Appliance 2016-05-10 7.2 HIGH 7.8 HIGH
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVE-2016-2350 1 Accellion 1 File Transfer Appliance 2016-05-10 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.