Accellion: Security Vulnerabilities
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-05-05
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2016-08-26
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2016-08-26
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2016-08-26
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2016-05-07
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2016-05-07
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2016-05-07
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2016-05-07
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
CVSS Score: 9.0 | EPSS Score: 0.004 | Published: 2010-02-19
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVSS Score: 7.8 | EPSS Score: 0.063 | Published: 2010-02-19



Shodan ® - All rights reserved