CVSS: 7.8EPSS: 97%CPEs: 1EXPL: 1CVE-2012-4958 – Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-4958
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. Una vulnerabilidad de salto de directorio en NFRAgent.exe en Novell File Reporter v1.0.2 permite cargar y ejecutar archivos a atacantes remotos a través de una petición 126 /FSF/CMD con un .. (punto punto) en un elemento FILE de un registro FSFUI. • https://www.exploit-db.com/exploits/23323 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 1CVE-2012-4956 – NFR Agent Heap Overflow
https://notcve.org/view.php?id=CVE-2012-4956
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. Una vulnerabilidad de desbordamiento de buffer basado en memoria dinámica en NFRAgent.exe en Novell File Reporter v1.0.2 permite ejecutar código de su elección a atacantes remotos a través de un numero de elementos VOL demasiado grande en un registro SRS. • http://osvdb.org/87574 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 97%CPEs: 1EXPL: 1CVE-2012-4957 – Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-4957
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. Una vulnerabilidad de salto de directorio absoluto en NFRAgent.exe en Novell File Reporter v1.0.2 permite leer archivos a atacantes remotos a través de una petición /FSF/CMD con una ruta completa en un elemento PATH de un registro SRS. • https://www.exploit-db.com/exploits/23323 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 41%CPEs: 1EXPL: 2CVE-2012-4959 – Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-4959
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. Una vulnerabilidad de salto de directorio en NFRAgent.exe en Novell File Reporter v1.0.2 permite cargar y ejecutar archivos a atacantes remotos a través de una petición 130 /FSF/CMD con un .. (punto punto) en un elemento FILE de un registro FSFUI. • https://www.exploit-db.com/exploits/23323 https://www.exploit-db.com/exploits/22787 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 48%CPEs: 4EXPL: 1CVE-2011-2750 – Novell File Reporter Agent Arbitrary File Delete
https://notcve.org/view.php?id=CVE-2011-2750
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. NFRAgent.exe en Novell File Reporter v1.0.4.2 y anteriores permite a atacantes remotos borrar ficheros de su elección a través de una ruta completa SRS OPERATION 4 CMD 5 en una petición /FSF/CMD. • http://aluigi.org/adv/nfr_2-adv.txt http://secunia.com/advisories/45071 http://securityreason.com/securityalert/8309 http://securitytracker.com/id?1025716 http://www.securityfocus.com/archive/1/518626/100/0/threaded • CWE-399: Resource Management Errors •