Novell File Reporter vulnerabilities

6 known vulnerabilities affecting novell/file_reporter.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2012-4959CRITICALCVSS 10.0PoCv1.0.22012-11-18
CVE-2012-4959 [CRITICAL] CWE-22 CVE-2012-4959: Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attack Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
nvd
CVE-2012-4956CRITICALCVSS 10.0v1.0.22012-11-18
CVE-2012-4956 [CRITICAL] CWE-119 CVE-2012-4956: Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
nvd
CVE-2012-4958HIGHCVSS 7.8PoCv1.0.22012-11-18
CVE-2012-4958 [HIGH] CWE-22 CVE-2012-4958: Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attack Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
nvd
CVE-2012-4957HIGHCVSS 7.8PoCv1.0.22012-11-18
CVE-2012-4957 [HIGH] CWE-22 CVE-2012-4957: Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote at Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
nvd
CVE-2011-2750MEDIUMCVSS 5.0≤ 1.0.4.2v1.0.1+2 more2011-07-17
CVE-2011-2750 [MEDIUM] CWE-399 CVE-2011-2750: NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
nvd
CVE-2011-0994CRITICALCVSS 10.0≤ 1.0.12011-04-10
CVE-2011-0994 [CRITICAL] CWE-119 CVE-2011-0994: Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
nvd