Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4959

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-4959
Last Modified 19 Nov 2012 02:24:52
Published 18 Nov 2012 02:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4959

Summary

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.

Vulnerable Systems

Application

  • Novell File Reporter 1.0.2


References

CERT-VN - VU#273371

MISC - https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959


Last Updated: 27 May 2016 10:51:48