Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter (rpm)ID: oval:org.secpod.oval:def:7938 | Date: (C)2012-11-21 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Novell File Reporter 1.0.2 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "130". Successful exploitation allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Product: |
Novell File Reporter |