Vulnerabilities > Accellion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-26 | CVE-2016-5662 | Multiple Security vulnerability in Accellion Kiteworks Appliance Kw2016.03.00 Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2016-05-07 | CVE-2016-2353 | Local Privilege Escalation vulnerability in Accellion File Transfer Appliance 80540 The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. | 7.2 |
| 2016-05-07 | CVE-2016-2351 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540 SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. | 7.5 |
| 2010-02-19 | CVE-2009-4648 | Permissions, Privileges, and Access Controls vulnerability in Accellion Secure File Transfer Appliance Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command. | 7.2 |
| 2010-02-19 | CVE-2009-4645 | Path Traversal vulnerability in Accellion Secure File Transfer Appliance Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2009-08-19 | CVE-2008-7012 | Unspecified vulnerability in Accellion Secure File Transfer Appliance 70135 courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters. | 7.8 |