NFR Agent FSFUI Record Arbitrary Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent FSFUI Record Arbitrary Remote File Access', 'Description' = %q NFRAgent.exe, a component of Novell File Reporter NFR, allows remote...

CVE-2012-4958

creationtimestamp| type| source ---|---|--- 2012-12-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/23323 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/novellfilereporterfsfuifileaccess.rb 2025-02-06...

CVE-2012-4958

CVE-2012-4958: In Novell File Reporter NFRAgent.exe 1.0.2, a directory traversal allows remote attackers to read arbitrary files by sending a crafted FSF/CMD request containing .. in a FILE element of an FSFUI record. This is described as a lack of proper authorization on certain FSF/CMD requests...

NFR Agent FSFUI Record Arbitrary Remote File Access

NFRAgent.exe, a component of Novell File Reporter NFR, allows remote attackers to retrieve arbitrary text files via a directory traversal while handling requests to /FSF/CMD with an FSFUI record with UICMD 126. This module has been tested successfully against NFR Agent 1.0.4.3 File Reporter 1.0.2...