Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1607

CWE-352Cross-Site Request Forgery (CSRF)CWE-532Log File Information ExposureCWE-119Buffer OverflowCWE-787Out-of-bounds Write29 documents7 sources
Severity
7.2HIGH
EPSS
1.0%
top 23.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Filr
Timeline
PublishedAug 1
Latest updateJan 14

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDnovell/filr1.2+1

🔴Vulnerability Details

22
GHSA
GHSA-w3m9-q5q6-jr9h: Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 22022-05-17
GHSA
ChakraCore vulnerable to remote code execution due to insufficient InlineCache check2022-05-17
GHSA
ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction2022-05-14
GHSA
ChakraCore vulnerable to remote code execution2022-05-14
GHSA
ChakraCore RCE Vulnerability2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities2016-07-25

📋Vendor Advisories

2
Microsoft
Windows Kernel Memory Information Disclosure Vulnerability2025-01-14
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability2022-03-03
CVE-2016-1607 (HIGH CVSS 7.2) | Multiple cross-site request forgery | cvebase.io