HackDig : Dig high-quality web security articles for hackers

Multiple security issues in MOVEit Managed File Transfer application

2016-01-28 00:40
During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.

* CVE-2015-7675: Unauthorized access to arbitrary files and documents
https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7676: Insecure default configuration (Persistant XSS)
https://www.profundis-labs.com/advisories/CVE-2015-7676.txt
* CVE-2015-7677: Enumeration of existing FileIDs
https://www.profundis-labs.com/advisories/CVE-2015-7677.txt
* CVE-2015-7678: CSRF
https://www.profundis-labs.com/advisories/CVE-2015-7678.txt
* CVE-2015-7679: Reflected XSS
https://www.profundis-labs.com/advisories/CVE-2015-7679.txt
* CVE-2015-7680: Enumeration of existing usernames
https://www.profundis-labs.com/advisories/CVE-2015-7680.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 59/naJ/6102/erusolcsidlluf/gro.stsilces

Read:3877 | Comments:0 | Tags:No Tag

“Multiple security issues in MOVEit Managed File Transfer application”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud