[FD] Multiple security issues in MOVEit Managed File Transfer application

During a security investigation multiple security issues have been
discovered in the MOVEit File Transfer web- and mobile application from
Ipswitch, Inc.


* CVE-2015-7675: Unauthorized access to arbitrary files and documents
  https://www.profundis-labs.com/advisories/CVE-2015-7675.txt
* CVE-2015-7676: Insecure default configuration (Persistant XSS)
  https://www.profundis-labs.com/advisories/CVE-2015-7676.txt
* CVE-2015-7677: Enumeration of existing FileIDs
  https://www.profundis-labs.com/advisories/CVE-2015-7677.txt
* CVE-2015-7678: CSRF
  https://www.profundis-labs.com/advisories/CVE-2015-7678.txt
* CVE-2015-7679: Reflected XSS
  https://www.profundis-labs.com/advisories/CVE-2015-7679.txt
* CVE-2015-7680: Enumeration of existing usernames
  https://www.profundis-labs.com/advisories/CVE-2015-7680.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Multiple security issues in MOVEit Managed File Transfer application

Reply via email to