- EPSS 37.72%
- Veröffentlicht 18.11.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:58
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
CVE-2012-4957
- EPSS 67.09%
- Veröffentlicht 18.11.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:58
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
CVE-2012-4958
- EPSS 73.51%
- Veröffentlicht 18.11.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:58
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
- EPSS 71.19%
- Veröffentlicht 18.11.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:58
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
- EPSS 16.68%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:55
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
- EPSS 16.06%
- Veröffentlicht 14.07.2011 23:55:02
- Zuletzt bearbeitet 16.06.2026 23:30:57
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
- EPSS 17.94%
- Veröffentlicht 10.04.2011 02:55:01
- Zuletzt bearbeitet 16.06.2026 23:28:25
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.