Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27757 of 28111

CVE-2017-8789

Posted by Cyberthreat Blog | May 5, 2017 | CVE Notifications |

An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year=’payload SQL injection vector exists.

CVE-2017-8790

Posted by Cyberthreat Blog | May 5, 2017 | CVE Notifications |

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter “filter” can be used for LDAP Injection.

CVE-2017-8791

Posted by Cyberthreat Blog | May 5, 2017 | CVE Notifications |

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.

CVE-2017-8304

Posted by Cyberthreat Blog | May 5, 2017 | CVE Notifications |

An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.

CVE-2017-8788

Posted by Cyberthreat Blog | May 5, 2017 | CVE Notifications |

An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.

Author: Cyberthreat Blog

CVE-2017-8789

CVE-2017-8790

CVE-2017-8791

CVE-2017-8304

CVE-2017-8788