| Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-7676 | 3.5 |
Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.
|
28-11-2016 - 19:44 | 15-04-2016 - 15:59 | |
| CVE-2015-7680 | 5.0 |
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
|
18-02-2016 - 23:16 | 10-02-2016 - 15:59 | |
| CVE-2015-7679 | 4.3 |
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
|
18-02-2016 - 23:15 | 10-02-2016 - 15:59 | |
| CVE-2015-7678 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
18-02-2016 - 22:49 | 10-02-2016 - 15:59 | |
| CVE-2015-7675 | 4.0 |
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg
|
18-02-2016 - 22:45 | 10-02-2016 - 15:59 | |
| CVE-2015-7677 | 4.0 |
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to M
|
12-02-2016 - 00:42 | 10-02-2016 - 15:59 |