cvebase

Openfiler vulnerabilities

5 known vulnerabilities affecting openfiler/openfiler.

Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 4

Vulnerabilities

CVE-2012-10040 | P2 | CRITICAL | CVSS 9.4 | PoC | v2.0 | 2025-08-11
CWE-78: Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the o
Source: NVD

CVE-2014-7190 | P4 | MEDIUM | CVSS 6.8 | PoC | v2.99.1 | 2014-09-30
CWE-352: Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html.
Source: NVD

CVE-2011-1086 | P4 | MEDIUM | CVSS 6.1 | v2.3 | 2020-02-07
CWE-79: Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
Source: NVD

CVE-2023-49488 | P4 | MEDIUM | CVSS 6.1 | v2.99.1 | 2023-12-11
CWE-79: A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter.
Source: NVD

CVE-2014-4309 | P4 | MEDIUM | CVSS 4.3 | v2.99 | 2014-06-18
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTra
Source: NVD