CVE-2016-1610 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1610
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
• https://www.exploit-db.com/exploits/40161
• http://seclists.org/bugtraq/2016/Jul/119
• http://www.securityfocus.com/bid/92113
• https://download.novell.com/Download?buildid=3V-3ArYN85I~
• https://download.novell.com/Download?buildid=BOTiHcBFfv0~
• https://www.novell.com/support/kb/doc.php?id=7017788
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-1607 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1607
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
• https://www.exploit-db.com/exploits/40161
• http://seclists.org/bugtraq/2016/Jul/119
• http://www.securityfocus.com/bid/92113
• https://download.novell.com/Download?buildid=3V-3ArYN85I~
• https://www.novell.com/support/kb/doc.php?id=7017786
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-1609 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1609
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.
• https://www.exploit-db.com/exploits/40161
• http://seclists.org/bugtraq/2016/Jul/119
• http://www.securityfocus.com/bid/92113
• https://download.novell.com/Download?buildid=3V-3ArYN85I~
• https://download.novell.com/Download?buildid=BOTiHcBFfv0~
• https://www.novell.com/support/kb/doc.php?id=7017787
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5968
https://notcve.org/view.php?id=CVE-2015-5968
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
• https://www.novell.com/support/kb/doc.php?id=7017078
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')