MAL-2025-43247 Malicious code in @zalastax/nolb-fex (npm)

The package @zalastax/nolb-fex was found to contain malicious code...

Malicious code in @zalastax/nolb-fex (npm)

The package @zalastax/nolb-fex was found to contain malicious code...

CVE-2020-15591

fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution...

Debian: Security Advisory (DLA-68-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-20012

CVE-2023-20012 affects the Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) used in UCS Fabric Interconnect deployments. The issue is an improper implementation of the password validation function in the CLI console login, allowing an unauthenticated, physically-adjacent attacker to bypass authe...

Remote code execution

fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution...

CVE-2014-3875

The addto parameter to fup in Frams' Fast File EXchange FEX, aka fex before fex-2014053 allows remote attackers to conduct cross-site scripting XSS attacks...

UBUNTU-CVE-2019-11640

An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function recfexparsestrsimple at rec-fex.c in librec.a...

PT-2019-18099 · Gnu +3 · Gnu Recutils +3

Name of the Vulnerable Software and Affected Versions: GNU Recutils version 1.8 Description: An issue was discovered in GNU Recutils. There is a NULL pointer dereference in the function rec fex size in the file rec-fex.c of librec.a. Recommendations: For GNU Recutils version 1.8, consider avoidin...

Debian DLA-68-1 : fex security update

CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website. CVE-2014-3876 The parameter akey is reflected unfiltered as part of the HTML page. Some characters are forbidd...

[SECURITY] [DLA 68-1] fex security update

Package : fex Version : 20100208+debian1-1+squeeze4 CVE ID : CVE-2014-3875 CVE-2014-3876 CVE-2014-3877 CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...

DLA-68-1 fex - security update

Bulletin has no description...

CVE-2014-3877

Incomplete blacklist vulnerability in Frams' Fast File EXchange FEX, aka fex before fex-20140530 allows remote attackers to conduct cross-site scripting XSS attacks via the addto parameter to fup...

CVE-2014-3877

Incomplete blacklist vulnerability in Frams' Fast File EXchange FEX, aka fex before fex-20140530 allows remote attackers to conduct cross-site scripting XSS attacks via the addto parameter to fup...

Cross site scripting

Incomplete blacklist vulnerability in Frams' Fast File EXchange FEX, aka fex before fex-20140530 allows remote attackers to conduct cross-site scripting XSS attacks via the addto parameter to fup...

CVE-2014-3877

CVE-2014-3877 affects Frams"e; Fast File EXchange (F*EX, fex) prior to fex-20140530. The issue is an incomplete blacklist that allows remote XSS via the addto parameter to fup. Connected advisories confirm multiple vendors/publications (e.g., Debian DLA-68-1) documenting fex exposure and release ...

CVE-2014-3876

CVE-2014-3876 relates to Frams’ Fast File Exchange (Fex) prior to fex-20140530, where multiple XSS vulnerabilities allow an attacker to inject script/HTML via the (1) akey parameter to rup, (2) disclaimer, or (3) gm parameter to fuc. The related OpenVAS entry confirms “Frams&qt Fast File EXchange...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in fup in Frams' Fast File EXchange FEX, aka fex before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the 1 to or 2 from parameters...

CVE-2012-1293

Multiple cross-site scripting XSS vulnerabilities in fup in Frams' Fast File EXchange FEX, aka fex before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the 1 to or 2 from parameters...

CVE-2012-0869

CVE-2012-0869 concerns FEX (Frams’ Fast File Exchange) via the vulnerable fup script. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable through the id parameter, due to insufficient input sanitization. Affected product: F EX’s web service (fex) and its fup component, prior to 20...