| Max CVSS | 5.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3566 | 4.3 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
|
12-09-2023 - 14:55 | 15-10-2014 - 00:55 | |
| CVE-2015-7680 | 5.0 |
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
|
18-02-2016 - 23:16 | 10-02-2016 - 15:59 | |
| CVE-2015-7679 | 4.3 |
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/.
|
18-02-2016 - 23:15 | 10-02-2016 - 15:59 | |
| CVE-2015-7675 | 4.0 |
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg
|
18-02-2016 - 22:45 | 10-02-2016 - 15:59 | |
| CVE-2015-7677 | 4.0 |
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to M
|
12-02-2016 - 00:42 | 10-02-2016 - 15:59 |