cvebase

Accellion Secure File Transfer Appliance vulnerabilities

6 known vulnerabilities affecting accellion/secure_file_transfer_appliance.

Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2009-4645 | P3 | HIGH | CVSS 7.8 | PoC | v7_0_135, v7_0_178, +3 more | 2010-02-19
CVE-2009-4645 [HIGH] CWE-22: Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
nvd

CVE-2008-7012 | P3 | HIGH | CVSS 7.8 | PoC | ≤ 7_0_178, v7_0_135 | 2009-08-19
CVE-2008-7012 [HIGH]: courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
nvd

CVE-2009-4648 | P3 | HIGH | CVSS 7.2 | PoC | v7_0_135, v7_0_178, +3 more | 2010-02-19
CVE-2009-4648 [HIGH] CWE-264: Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp co
nvd

CVE-2009-4644 | P3 | CRITICAL | CVSS 9.0 | v7_0_135, v7_0_178, +3 more | 2010-02-19
CVE-2009-4644 [CRITICAL] CWE-78: Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
nvd

CVE-2008-3850 | P4 | MEDIUM | CVSS 4.3 | PoC | v7_0_135 | 2008-08-27
CVE-2008-3850 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
nvd

CVE-2009-4647 | P4 | MEDIUM | CVSS 4.3 | v7_0_135, v7_0_178, +2 more | 2010-02-19
CVE-2009-4647 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
nvd