Full Disclosure mailing list archives

Multiple security issues in MOVEit Managed File Transfer application

From: Profundis Labs <profundislabs () googlemail com>
Date: Wed, 27 Jan 2016 14:43:24 +0100

During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.

* CVE-2015-7675: Unauthorized access to arbitrary files and documents
  https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7676: Insecure default configuration (Persistant XSS)
  https://www.profundis-labs.com/advisories/CVE-2015-7676.txt
* CVE-2015-7677: Enumeration of existing FileIDs
  https://www.profundis-labs.com/advisories/CVE-2015-7677.txt
* CVE-2015-7678: CSRF
  https://www.profundis-labs.com/advisories/CVE-2015-7678.txt
* CVE-2015-7679: Reflected XSS
  https://www.profundis-labs.com/advisories/CVE-2015-7679.txt
* CVE-2015-7680: Enumeration of existing usernames
  https://www.profundis-labs.com/advisories/CVE-2015-7680.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Multiple security issues in MOVEit Managed File Transfer application Profundis Labs (Jan 27)