Shodan
Vulnerabilities
Vulnerable Software
Accellion:  Security Vulnerabilities
CVE-2017-8304
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-05-05
CVE-2017-8760
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.
CVSS Score
6.1
EPSS Score
0.01
Published
2017-05-05
CVE-2017-8788
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-05
CVE-2017-8789
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-05-05
CVE-2017-8790
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-05-05
CVE-2017-8791
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-05
CVE-2017-8792
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-05
CVE-2017-8793
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-05-05
CVE-2017-8794
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
CVSS Score
10.0
EPSS Score
0.003
Published
2017-05-05
CVE-2017-8795
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved