Shodan
Vulnerabilities
Vulnerable Software
Accellion:  Security Vulnerabilities
CVE-2016-5662
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-08-26
CVE-2016-2353
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-05-07
CVE-2016-2352
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
CVSS Score
8.8
EPSS Score
0.01
Published
2016-05-07
CVE-2016-2351
SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2016-05-07
CVE-2016-2350
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-05-07
CVE-2009-4644
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
CVSS Score
9.0
EPSS Score
0.004
Published
2010-02-19
CVE-2009-4645
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVSS Score
7.8
EPSS Score
0.026
Published
2010-02-19
CVE-2009-4646
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
CVSS Score
9.0
EPSS Score
0.006
Published
2010-02-19
CVE-2009-4647
Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-02-19
CVE-2009-4648
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
CVSS Score
7.2
EPSS Score
0.003
Published
2010-02-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved