| CVE-2017-6195 | Cri | 0.64 | 9.8 | 0.00 | | May 18, 2017 | Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. |
| CVE-2015-7676 | Med | 0.35 | 5.4 | 0.00 | | Apr 15, 2016 | Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. |
| CVE-2015-7680 | Med | 0.34 | 5.3 | 0.00 | | Feb 10, 2016 | Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx. |
| CVE-2015-7677 | Med | 0.28 | 4.3 | 0.00 | | Feb 10, 2016 | The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll. |
