2 results (0.053 seconds)

CVSS: 5.0EPSS: 48%CPEs: 4EXPL: 1

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. NFRAgent.exe en Novell File Reporter v1.0.4.2 y anteriores permite a atacantes remotos borrar ficheros de su elección a través de una ruta completa SRS OPERATION 4 CMD 5 en una petición /FSF/CMD. • http://aluigi.org/adv/nfr_2-adv.txt http://secunia.com/advisories/45071 http://securityreason.com/securityalert/8309 http://securitytracker.com/id?1025716 http://www.securityfocus.com/archive/1/518626/100/0/threaded • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 82%CPEs: 1EXPL: 0

Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. Desbordamiento de búfer de pila en NFRAgent.exe en Novell File Reporter (NFR) anterior a v1.0.2 permite a atacantes remotos ejecutar código arbitrario mediante datos XML no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by default on TCP port 3037. When handling the contents of an XML tag the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://download.novell.com/Download?buildid=rCAgCcbPH9s~ http://secunia.com/advisories/43975 http://securityreason.com/securityalert/8194 http://www.securityfocus.com/archive/1/517321/100/0/threaded http://www.securityfocus.com/bid/47144 http://www.securitytracker.com/id?1025292 http://www.vupen.com/english/advisories/2011/0866 http://www.zerodayinitiative.com/advisories/ZDI-11-116 https://exchange.xforce.ibmcloud.com/vulnerabilities/66548 https://oval.cisecurity.org/repository/search/definiti • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •