cbcvebase.

Ulli Horlacher Fex vulnerabilities

7 known vulnerabilities affecting ulli_horlacher/fex.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2020-15591P2CRITICALCVSS 9.8≥ 0, < 20160919-22022-03-17
CVE-2020-15591 [CRITICAL] CVE-2020-15591: fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution) fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).
osv
CVE-2012-0869P4MEDIUMCVSS 4.3PoC≤ 20120207v2011205+54 more2012-09-25
CVE-2012-0869 [MEDIUM] CWE-79 CVE-2012-0869: Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
nvdosv
CVE-2011-1409P3MEDIUMCVSS 5.0v201002082011-06-24
CVE-2011-1409 [MEDIUM] CWE-287 CVE-2011-1409: Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, al Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.
nvdosv
CVE-2014-3875P4MEDIUMCVSS 6.1fixed in 20140532019-11-27
CVE-2014-3875 [MEDIUM] CWE-79 CVE-2014-3875: The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows re The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
nvdosv
CVE-2014-3877P4MEDIUMCVSS 4.3≤ 201403132014-06-18
CVE-2014-3877 [MEDIUM] CVE-2014-3877: Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
nvdosv
CVE-2014-3876P4MEDIUMCVSS 4.3≤ 201403132014-06-18
CVE-2014-3876 [MEDIUM] CWE-79 CVE-2014-3876: Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) bef Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
nvdosv
CVE-2012-1293P4MEDIUMCVSS 4.3≤ 20111129v20110609+41 more2012-09-25
CVE-2012-1293 [MEDIUM] CWE-79 CVE-2012-1293: Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka f Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
nvdosv
Ulli Horlacher Fex vulnerabilities | cvebase