CVE-2012-4957

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record...

NFR Agent SRS Record Arbitrary Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent SRS Record Arbitrary Remote File Access', 'Description' = %q NFRAgent.exe, a component of Novell File Reporter NFR, allows remote...

Novell File Reporter SRS Arbitrary File Retrieval (CVE-2012-4957)

A file retrieval vulnerability has been reported in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests. A remote attacker can exploit this issue by sending a specially crafted request to the affected service. Successful exploitation could result in arbitra...

NFR Agent SRS Record Arbitrary Remote File Access

NFRAgent.exe, a component of Novell File Reporter NFR, allows remote attackers to retrieve arbitrary files via a request to /FSF/CMD with a SRS Record with OPERATION 4 and CMD 103, specifying a full pathname. This module has been tested successfully against NFR Agent 1.0.4.3 File Reporter 1.0.2 a...