[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter - I

ID: oval:org.secpod.oval:def:7935Date: (C)2012-11-21   (M)2022-10-10
Class: VULNERABILITYFamily: windows




The host is installed with Novell File Reporter 1.0.2 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "126". Successful exploitation allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.

Platform:
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product:
Novell File Reporter
Reference:
CVE-2012-4958
CVE    1
CVE-2012-4958
CPE    2
cpe:/a:novell:file_reporter:1.0.2
cpe:/a:novell:file_reporter

© SecPod Technologies