RSS   Vulnerabilities for 'Secure file transfer'   RSS

2020-02-07
 
CVE-2020-8796

NVD-CWE-Other
 

 
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.

 
2020-01-31
 
CVE-2020-8503

CWE-639
 

 
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.

 
2017-07-18
 
CVE-2017-5247

 

 
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name.

 
 
CVE-2017-5246

 

 
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name.

 
2017-06-28
 
CVE-2017-5241

 

 
Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.

 


Copyright 2024, cxsecurity.com

 

Back to Top