5 results (0.010 seconds)

CVSS: 7.8EPSS: 97%CPEs: 1EXPL: 1

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. Una vulnerabilidad de salto de directorio en NFRAgent.exe en Novell File Reporter v1.0.2 permite cargar y ejecutar archivos a atacantes remotos a través de una petición 126 /FSF/CMD con un .. (punto punto) en un elemento FILE de un registro FSFUI. • https://www.exploit-db.com/exploits/23323 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 1

Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record. Una vulnerabilidad de desbordamiento de buffer basado en memoria dinámica en NFRAgent.exe en Novell File Reporter v1.0.2 permite ejecutar código de su elección a atacantes remotos a través de un numero de elementos VOL demasiado grande en un registro SRS. • http://osvdb.org/87574 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 97%CPEs: 1EXPL: 1

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. Una vulnerabilidad de salto de directorio absoluto en NFRAgent.exe en Novell File Reporter v1.0.2 permite leer archivos a atacantes remotos a través de una petición /FSF/CMD con una ruta completa en un elemento PATH de un registro SRS. • https://www.exploit-db.com/exploits/23323 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 41%CPEs: 1EXPL: 2

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. Una vulnerabilidad de salto de directorio en NFRAgent.exe en Novell File Reporter v1.0.2 permite cargar y ejecutar archivos a atacantes remotos a través de una petición 130 /FSF/CMD con un .. (punto punto) en un elemento FILE de un registro FSFUI. • https://www.exploit-db.com/exploits/23323 https://www.exploit-db.com/exploits/22787 http://www.kb.cert.org/vuls/id/273371 https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 48%CPEs: 4EXPL: 1

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD. NFRAgent.exe en Novell File Reporter v1.0.4.2 y anteriores permite a atacantes remotos borrar ficheros de su elección a través de una ruta completa SRS OPERATION 4 CMD 5 en una petición /FSF/CMD. • http://aluigi.org/adv/nfr_2-adv.txt http://secunia.com/advisories/45071 http://securityreason.com/securityalert/8309 http://securitytracker.com/id?1025716 http://www.securityfocus.com/archive/1/518626/100/0/threaded • CWE-399: Resource Management Errors •