Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter - IID: oval:org.secpod.oval:def:7935 | Date: (C)2012-11-21 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Novell File Reporter 1.0.2 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "126". Successful exploitation allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Novell File Reporter |