Vulnerabilities for FILR (...) - CXSECURITY.COM

Vulnerabilities for 'FILR'

2016-07-31

CVE-2016-1611

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.

CVE-2016-1610

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.

CVE-2016-1609

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

CVE-2016-1608

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.

CVE-2016-1607

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.

2016-03-18

CVE-2015-5968

Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

>>> Vendor: Novell 111 Products

Netware ftp server

Groupwise webaccess

Small business suite

Zenworks desktops

Client firewall

Internet messaging system

Zenworks remote management

Zenworks server management

Zenworks servers

Open enterprise server

Zenworks patch management server

Groupwise messenger

Identity manager

Zenworks asset management

Apache http server

Access manager identity server

Extend director

Modular authentication service

Client login extension (cle)

Zenworks endpoint security management

Zenworks patch management update agent

Challenge response client

Novell client for windows

Zenworks desktop management

Identity manager roles based provisioning module

User application

Netidentity client1.2.3

Suse linux enterprise server

Suse lifecycle management server

Zenworks configuration management

Zenworks handheld management

Zenworks configuration manager

Iprint open enterprise server

Opensuse build service

Suse linux enterprise

Opensuse factory

Identity manager user application

Xtier framework

Data synchronizer

File reporter engine

Suse studio onsite

Iprint open enterprise server 2

Sentinel log manager

Suse audit log keeper

Zenworks mobile management

Suse linux enterprise desktop

Suse linux software development kit

Suse linux enterprise for sap applications

Suse linux enterprise software development kit

Suse linux for vmware

FILR

Suse linux enterprise module for legacy software

Suse manager proxy

Suse openstack cloud

Suse package hub for suse linux enterprise

Suse linux enterprise live patching

Suse linux enterprise module for public cloud

Suse linux enterprise workstation extension

See all Products for Vendor Novell

Copyright 2024, cxsecurity.com