Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
Published at: January 26, 2018 at 04:29AM
View on website
New vulnerability on the NVD: CVE-2016-10710
Tag: government hack NVD security






No comments: