Vulnerabilities (CVE)

Filtered by vendor Novell Subscribe

Filtered by product Filr

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-1610	1 Novell	1 Filr	2023-12-10	5.0 MEDIUM	7.5 HIGH
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
CVE-2016-1607	1 Novell	1 Filr	2023-12-10	6.5 MEDIUM	7.2 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
CVE-2016-1609	1 Novell	1 Filr	2023-12-10	3.5 LOW	5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
CVE-2016-1608	1 Novell	1 Filr	2023-12-10	9.0 HIGH	8.8 HIGH
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
CVE-2015-5968	1 Novell	1 Filr	2023-12-10	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1611	1 Novell	1 Filr	2023-12-10	7.2 HIGH	7.8 HIGH
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.