Search
Find a vulnerability
Search criteria
10 vulnerabilities by ulli_horlacher
CVE-2014-3875 (GCVE-0-2014-3875)
Vulnerability from nvd – Published: 2019-11-27 18:35 – Updated: 2024-08-06 10:57
VLAI
Summary
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/06/03/6 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Jun/1 | x_refsource_MISC |
| http://www.securityfocus.com/bid/67783 | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The addto parameter to fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:35:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/67783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The addto parameter to fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3875",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/06/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Jun/1",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"name": "http://www.securityfocus.com/bid/67783",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/67783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3875",
"datePublished": "2019-11-27T18:35:08.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3877 (GCVE-0-2014-3877)
Vulnerability from nvd – Published: 2014-06-18 14:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| https://www.lsexperts.de/advisories/lse-2014-05-22.txt | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource": "MISC",
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3877",
"datePublished": "2014-06-18T14:00:00.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3876 (GCVE-0-2014-3876)
Vulnerability from nvd – Published: 2014-06-18 14:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| https://www.lsexperts.de/advisories/lse-2014-05-22.txt | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource": "MISC",
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3876",
"datePublished": "2014-06-18T14:00:00.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:18.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1293 (GCVE-0-2012-1293)
Vulnerability from nvd – Published: 2012-09-25 23:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2012/dsa-2414 | vendor-advisoryx_refsource_DEBIAN |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47971 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/02/23/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/02/20/1 | mailing-listx_refsource_MLIST |
| http://osvdb.org/79420 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/02/20/8 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/52085 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2012-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2414",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2414",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2414",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"refsource": "OSVDB",
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1293",
"datePublished": "2012-09-25T23:00:00.000Z",
"dateReserved": "2012-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1409 (GCVE-0-2011-1409)
Vulnerability from nvd – Published: 2011-06-24 20:00 – Updated: 2024-08-06 22:28
VLAI
Summary
Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/48239 | vdb-entryx_refsource_BID |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/44940 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2011/dsa-2259 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2011-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:40.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48239",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Frams\u0027s Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48239",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Frams\u0027s Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48239"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1409",
"datePublished": "2011-06-24T20:00:00.000Z",
"dateReserved": "2011-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:40.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3875 (GCVE-0-2014-3875)
Vulnerability from cvelistv5 – Published: 2019-11-27 18:35 – Updated: 2024-08-06 10:57
VLAI
Summary
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/06/03/6 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Jun/1 | x_refsource_MISC |
| http://www.securityfocus.com/bid/67783 | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The addto parameter to fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T18:35:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/67783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The addto parameter to fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-3875",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-3875"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/06/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/6"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Jun/1",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/1"
},
{
"name": "http://www.securityfocus.com/bid/67783",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/67783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3875",
"datePublished": "2019-11-27T18:35:08.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3877 (GCVE-0-2014-3877)
Vulnerability from cvelistv5 – Published: 2014-06-18 14:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| https://www.lsexperts.de/advisories/lse-2014-05-22.txt | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource": "MISC",
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3877",
"datePublished": "2014-06-18T14:00:00.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:17.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3876 (GCVE-0-2014-3876)
Vulnerability from cvelistv5 – Published: 2014-06-18 14:00 – Updated: 2024-08-06 10:57
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126906/F-EX-… | x_refsource_MISC |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| https://www.lsexperts.de/advisories/lse-2014-05-22.txt | x_refsource_MISC |
Date Public
2014-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Frams\u0027 Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt",
"refsource": "MISC",
"url": "https://www.lsexperts.de/advisories/lse-2014-05-22.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3876",
"datePublished": "2014-06-18T14:00:00.000Z",
"dateReserved": "2014-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:57:18.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1293 (GCVE-0-2012-1293)
Vulnerability from cvelistv5 – Published: 2012-09-25 23:00 – Updated: 2024-08-06 18:53
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2012/dsa-2414 | vendor-advisoryx_refsource_DEBIAN |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/47971 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/02/23/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/02/20/1 | mailing-listx_refsource_MLIST |
| http://osvdb.org/79420 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2012/02/20/8 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/52085 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2012-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2414",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-2414",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams\u0027 Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2414",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name": "47971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47971"
},
{
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name": "79420",
"refsource": "OSVDB",
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX \u003c= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1293",
"datePublished": "2012-09-25T23:00:00.000Z",
"dateReserved": "2012-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1409 (GCVE-0-2011-1409)
Vulnerability from cvelistv5 – Published: 2011-06-24 20:00 – Updated: 2024-08-06 22:28
VLAI
Summary
Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/48239 | vdb-entryx_refsource_BID |
| http://fex.rus.uni-stuttgart.de/fex.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/44940 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2011/dsa-2259 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2011-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:40.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48239",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Frams\u0027s Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48239",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Frams\u0027s Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48239"
},
{
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name": "44940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44940"
},
{
"name": "fex-security-bypass(68005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68005"
},
{
"name": "DSA-2259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1409",
"datePublished": "2011-06-24T20:00:00.000Z",
"dateReserved": "2011-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:40.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}