
CVE-2023-32268 – Administrator equivalent Filr user can access proxy administrator credentials
https://notcve.org/view.php?id=CVE-2023-32268
06 Dec 2023 — Exposure of Proxy Administrator Credentials. An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators. • https://portal.microfocus.com/s/article/KM000020081?language=en_US • CWE-522: Insufficiently Protected Credentials •

CVE-2023-5762 – Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext
https://notcve.org/view.php?id=CVE-2023-5762
13 Nov 2023 — The Filr WordPress plugin before 1.2.3.6 is affected by an RCE (Remote Code Execution) vulnerability that allows a user with Author-level privileges to execute operating system commands and fully compromise the server. • https://wpscan.com/vulnerability/6ad99725-eccc-4b61-bce2-668b62619deb • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2022-38755 – Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
https://notcve.org/view.php?id=CVE-2022-38755
21 Nov 2022 — A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. • https://portal.microfocus.com/s/article/KM000011886?language=en_US •

CVE-2022-1777 – Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
https://notcve.org/view.php?id=CVE-2022-1777
23 May 2022 — The Filr WordPress plugin before 1.2.2.1 does not have authorisation checks in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce; however, the nonce is leaked on the dashboard. This could allow such users to upload arbitrary HTML files as well as delete all files or arbitrary ones. • https://wpscan.com/vulnerability/a50dc7f8-a9e6-41fa-a047-ad1c3bc309b4 • CWE-862: Missing Authorization •

CVE-2020-25838
https://notcve.org/view.php?id=CVE-2020-25838
11 Dec 2020 — Unauthorized disclosure of sensitive information vulnerability in the Micro Focus Filr product, affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose sensitive information without authorization. • https://softwaresupport.softwaregrp.com/doc/KM03767186 •

CVE-2020-25832
https://notcve.org/view.php?id=CVE-2020-25832
17 Nov 2020 — Reflected cross-site scripting vulnerability in the Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform a reflected XSS attack. • https://softwaresupport.softwaregrp.com/doc/KM03763396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-3474 – Path traversal vulnerability in Filr web application
https://notcve.org/view.php?id=CVE-2019-3474
20 Feb 2019 — A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. • https://packetstorm.news/files/id/151803 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-3475 – Local privilege escalation in Filr famtd
https://notcve.org/view.php?id=CVE-2019-3475
20 Feb 2019 — A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low-privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. • https://packetstorm.news/files/id/151803 • CWE-264: Permissions, Privileges, and Access Controls • CWE-269: Improper Privilege Management •

CVE-2016-1608 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1608
25 Jul 2016 — vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. Multiple Micro Focus Filr appliances suffer fro... • https://packetstorm.news/files/id/138038 • CWE-284: Improper Access Control •

CVE-2016-1609 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1609
25 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. • https://packetstorm.news/files/id/138038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •