Vulnerabilities > Accellion

DATE | CVE | VULNERABILITY TITLE | RISK

2016-08-26 | CVE-2016-5662 | Multiple Security vulnerability in Accellion Kiteworks Appliance Kw2016.03.00 | 7.2
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
local, low complexity, accellion

2016-05-07 | CVE-2016-2353 | Local Privilege Escalation vulnerability in Accellion File Transfer Appliance 80540 | 7.2
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
local, low complexity, accellion

2016-05-07 | CVE-2016-2352 | Permissions, Privileges, and Access Controls vulnerability in Accellion File Transfer Appliance 80540 | 6.5
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
network, low complexity, accellion, CWE-264

2016-05-07 | CVE-2016-2351 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540 | 7.5
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.
network, low complexity, accellion, CWE-89

2016-05-07 | CVE-2016-2350 | Cross-site Scripting vulnerability in Accellion File Transfer Appliance 80540 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.
network, accellion, CWE-79

2010-02-19 | CVE-2009-4648 | Permissions, Privileges, and Access Controls vulnerability in Accellion Secure File Transfer Appliance | 7.2
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
local, low complexity, accellion, CWE-264

2010-02-19 | CVE-2009-4647 | Cross-Site Scripting vulnerability in Accellion Secure File Transfer Appliance | 4.3
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
network, accellion, CWE-79

2010-02-19 | CVE-2009-4646 | Code Injection vulnerability in Accellion Secure File Transfer Appliance | critical 9.0
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
network, low complexity, accellion, CWE-94

2010-02-19 | CVE-2009-4645 | Path Traversal vulnerability in Accellion Secure File Transfer Appliance | 7.8
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a ..
network, low complexity, accellion, CWE-22

2010-02-19 | CVE-2009-4644 | OS Command Injection vulnerability in Accellion Secure File Transfer Appliance | critical 9.0
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
network, low complexity, accellion, CWE-78