Download
| Alert*
oval:org.secpod.oval:def:600568
It was discovered that fex, a web service for transferring very large, files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who is not specifying any authentication ID at all, can bypass the authentication procedure. The ... oval:org.secpod.oval:def:600755 Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters. oval:org.secpod.oval:def:600740 It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem. |