Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for moveit_mobile by ipswitch
CVE-2015-7679 (GCVE-0-2015-7679)
Vulnerability from nvd – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNote… | x_refsource_CONFIRM |
| https://profundis-labs.com/advisories/CVE-2015-7679.txt | x_refsource_MISC |
| http://packetstormsecurity.com/files/135461/Ipswi… | x_refsource_MISC |
Date Public
2015-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:58.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"name": "https://profundis-labs.com/advisories/CVE-2015-7679.txt",
"refsource": "MISC",
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"name": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7679",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:58.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7678 (GCVE-0-2015-7678)
Vulnerability from nvd – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| https://www.profundis-labs.com/advisories/CVE-201… | x_refsource_MISC |
| http://packetstormsecurity.com/files/135460/Ipswi… | x_refsource_MISC |
Date Public
2016-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt",
"refsource": "MISC",
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"name": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7678",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7675 (GCVE-0-2015-7675)
Vulnerability from nvd – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNote… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/135457/Ipswi… | x_refsource_MISC |
| https://www.profundis-labs.com/advisories/CVE-201… | x_refsource_MISC |
Date Public
2015-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"name": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"name": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt",
"refsource": "MISC",
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7675",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7678 (GCVE-0-2015-7678)
Vulnerability from cvelistv5 – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| https://www.profundis-labs.com/advisories/CVE-201… | x_refsource_MISC |
| http://packetstormsecurity.com/files/135460/Ipswi… | x_refsource_MISC |
Date Public
2016-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt",
"refsource": "MISC",
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7678.txt"
},
{
"name": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135460/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7678",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7679 (GCVE-0-2015-7679)
Vulnerability from cvelistv5 – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNote… | x_refsource_CONFIRM |
| https://profundis-labs.com/advisories/CVE-2015-7679.txt | x_refsource_MISC |
| http://packetstormsecurity.com/files/135461/Ipswi… | x_refsource_MISC |
Date Public
2015-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:58.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"name": "https://profundis-labs.com/advisories/CVE-2015-7679.txt",
"refsource": "MISC",
"url": "https://profundis-labs.com/advisories/CVE-2015-7679.txt"
},
{
"name": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135461/Ipswitch-MOVEit-Mobile-1.2.0.962-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7679",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:58.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7675 (GCVE-0-2015-7675)
Vulnerability from cvelistv5 – Published: 2016-02-10 15:00 – Updated: 2024-08-06 07:58
VLAI
EPSS
VEX
Summary
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/Jan/95 | mailing-listx_refsource_FULLDISC |
| http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNote… | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/135457/Ipswi… | x_refsource_MISC |
| https://www.profundis-labs.com/advisories/CVE-201… | x_refsource_MISC |
Date Public
2015-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-10T12:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Send as attachment\" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Multiple security issues in MOVEit Managed File Transfer application",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jan/95"
},
{
"name": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf",
"refsource": "CONFIRM",
"url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"
},
{
"name": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135457/Ipswitch-MOVEit-DMZ-8.1-Authorization-Bypass.html"
},
{
"name": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt",
"refsource": "MISC",
"url": "https://www.profundis-labs.com/advisories/CVE-2015-7675.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7675",
"datePublished": "2016-02-10T15:00:00.000Z",
"dateReserved": "2015-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}