Directory traversal vulnerability in Novell File Reporter - I (rpm)ID: oval:org.secpod.oval:def:7939 | Date: (C)2012-11-21 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Novell File Reporter 1.0.2 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "126". Successful exploitation allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
Product: |
Novell File Reporter |