CVE-2012-10040
- EPSS 52.23%
- Published 11.08.2025 15:15:27
- Last modified 11.08.2025 18:32:48
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can e...
CVE-2023-49488
- EPSS 0.11%
- Published 11.12.2023 21:15:07
- Last modified 21.11.2024 08:33:28
A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.
CVE-2011-1086
- EPSS 0.84%
- Published 07.02.2020 22:15:10
- Last modified 21.11.2024 01:25:29
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
CVE-2014-7190
- EPSS 0.2%
- Published 30.09.2014 16:55:07
- Last modified 12.04.2025 10:46:40
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down or (2) reboot the server via a request to admin/system_shutdown.html.
CVE-2014-4309
- EPSS 0.23%
- Published 18.06.2014 14:55:13
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML ...