Skip to main content

Filr

16 CVEs product

Monthly

CVE-2026-3266 CRITICAL Act Now

Missing authorization in OpenText Filr allows auth bypass via XSRF tokens.

Authentication Bypass Filr
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-4187 LOW Monitor

Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 4.0
2.1
EPSS
0.2%
CVE-2023-32268 HIGH This Week

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-5762 HIGH POC This Week

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress Filr
NVD WPScan
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-38755 MEDIUM This Month

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-1777 HIGH POC This Week

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Filr
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-25838 MEDIUM This Month

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-25832 MEDIUM This Month

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-3475 HIGH POC This Week

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-3474 MEDIUM POC This Month

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filr
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
9.0%
CVE-2016-1611 HIGH POC This Week

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-1610 HIGH POC THREAT Act Now

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Path Traversal Filr
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.8%
CVE-2016-1609 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filr
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.4%
CVE-2016-1608 HIGH POC THREAT Act Now

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Authentication Bypass Filr
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.6%
CVE-2016-1607 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Filr
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
1.0%
CVE-2015-5968 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Filr
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing authorization in OpenText Filr allows auth bypass via XSRF tokens.

Authentication Bypass Filr
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress +1
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Filr
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM This Month

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Filr
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
EPSS 9% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Filr
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
EPSS 21% CVSS 7.5
HIGH POC THREAT Act Now

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Path Traversal Filr
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filr
NVD Exploit-DB
EPSS 11% CVSS 8.8
HIGH POC THREAT Act Now

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Authentication Bypass Filr
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Filr
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Filr
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy