cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2016-1607,https://securityvulnerability.io/vulnerability/CVE-2016-1607,,"Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.",Novell,Filr,7.2,HIGH,0.002420000033453107,false,false,false,false,,false,false,2016-08-01T01:00:00.000Z,0
CVE-2016-1608,https://securityvulnerability.io/vulnerability/CVE-2016-1608,,vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.,Novell,Filr,8.8,HIGH,0.009999999776482582,false,false,false,false,,false,false,2016-08-01T01:00:00.000Z,0
CVE-2016-1609,https://securityvulnerability.io/vulnerability/CVE-2016-1609,,"Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.",Novell,Filr,5.4,MEDIUM,0.002409999957308173,false,false,false,false,,false,false,2016-08-01T01:00:00.000Z,0
CVE-2016-1610,https://securityvulnerability.io/vulnerability/CVE-2016-1610,,Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.,Novell,Filr,7.5,HIGH,0.012260000221431255,false,false,false,false,,false,false,2016-08-01T01:00:00.000Z,0
CVE-2016-1611,https://securityvulnerability.io/vulnerability/CVE-2016-1611,,"Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.",Novell,Filr,7.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2016-08-01T01:00:00.000Z,0
CVE-2015-5968,https://securityvulnerability.io/vulnerability/CVE-2015-5968,,Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,Novell,Filr,6.1,MEDIUM,0.0031300000846385956,false,false,false,false,,false,false,2016-03-18T10:00:00.000Z,0