[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Multiple security issues in MOVEit Managed File Transfer application

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Multiple security issues in MOVEit Managed File Transfer application
From: Profundis Labs <profundislabs@xxxxxxxxxxxxxx>
Date: Wed, 27 Jan 2016 14:43:24 +0100

During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.

* CVE-2015-7675: Unauthorized access to arbitrary files and documents
  https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7676: Insecure default configuration (Persistant XSS)
  https://www.profundis-labs.com/advisories/CVE-2015-7676.txt
* CVE-2015-7677: Enumeration of existing FileIDs
  https://www.profundis-labs.com/advisories/CVE-2015-7677.txt
* CVE-2015-7678: CSRF
  https://www.profundis-labs.com/advisories/CVE-2015-7678.txt
* CVE-2015-7679: Reflected XSS
  https://www.profundis-labs.com/advisories/CVE-2015-7679.txt
* CVE-2015-7680: Enumeration of existing usernames
  https://www.profundis-labs.com/advisories/CVE-2015-7680.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
Next by Date: [FD] HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase
Previous by thread: [FD] [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
Next by thread: [FD] HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase
Index(es):
- Date
- Thread