CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2016-1607 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1607
25 Jul 2016 — Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request. Múltiples vulnerabilidades de CSRF en la interfaz administrativa en Novell Filr en versiones anteriores a 2.0 Security Update 2 permiten a atacantes remotos secuestrar la autenticación de administradores, como se demuestra reconfi... • https://packetstorm.news/files/id/138038 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 2CVE-2016-1608 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1608
25 Jul 2016 — vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. vaconfig/time en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres shell en el parámetro ntpServer. Multiple Micro Focus Filr appliances suffer fro... • https://packetstorm.news/files/id/138038 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 2CVE-2016-1609 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1609
25 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. Múltiples vulnerabilidades de XSS en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permiten a usuarios remotos autenticados inyectar ... • https://packetstorm.news/files/id/138038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 23%CPEs: 2EXPL: 2CVE-2016-1610 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1610
25 Jul 2016 — Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. Vulnerabilidad de salto de directorio en la característica email-template en Novell Filr en versiones anteriores a 1.2 Security Update 3 y 2.0 en versiones anteriores a Security Update 2 permite a atacantes remotos eludir restricciones destinad... • https://packetstorm.news/files/id/138038 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2016-1611 – Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1611
25 Jul 2016 — Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. Novell Filr 1.2 en versiones anteriores a Hot Patch 6 y 2.0 en versiones anteriores a Hot Patch 2 usa permisos de escritura universal para /etc/profile.d/vainit.sh, lo que permite a usuarios locales obtener privilegios reemplazando este contenido del archivo con comandos shell ar... • https://packetstorm.news/files/id/138038 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5968
https://notcve.org/view.php?id=CVE-2015-5968
18 Mar 2016 — Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Novell Filr 1.2 en versiones anteriores a Hot Patch 4 permite a atacantes remotos inyectar código web o HTML arbitrarios a través de una URL manipulada. • https://www.novell.com/support/kb/doc.php?id=7017078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •