Full Disclosure mailing list archives
Multiple security issues in MOVEit Managed File Transfer application
From: Profundis Labs <profundislabs () googlemail com>
Date: Wed, 27 Jan 2016 14:43:24 +0100
During a security investigation multiple security issues have been discovered in the MOVEit File Transfer web- and mobile application from Ipswitch, Inc. * CVE-2015-7675: Unauthorized access to arbitrary files and documents https://www.profundis-labs.com/advisories/CVE-2015-7675.txt * CVE-2015-7676: Insecure default configuration (Persistant XSS) https://www.profundis-labs.com/advisories/CVE-2015-7676.txt * CVE-2015-7677: Enumeration of existing FileIDs https://www.profundis-labs.com/advisories/CVE-2015-7677.txt * CVE-2015-7678: CSRF https://www.profundis-labs.com/advisories/CVE-2015-7678.txt * CVE-2015-7679: Reflected XSS https://www.profundis-labs.com/advisories/CVE-2015-7679.txt * CVE-2015-7680: Enumeration of existing usernames https://www.profundis-labs.com/advisories/CVE-2015-7680.txt _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Multiple security issues in MOVEit Managed File Transfer application Profundis Labs (Jan 27)