CVE-2012-4957

Novell File Reporter <1.0.2 - Path Traversal

Title source: llm

Description

Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.

Exploits (2)

metasploit WORKING POC

by juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/novell_file_reporter_srs_fileaccess.rb

View Code ZIP pw:eip

exploitdb WORKING POC

pythonremotewindows

https://www.exploit-db.com/exploits/23323

View on exploitdb

References (2)

[US Government Resource] http://www.kb.cert.org/vuls/id/273371

[Third Party Advisory] https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959

Scores

EPSS 0.7556

EPSS Percentile 98.9%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

novell/file_reporter

Timeline

Published Nov 18, 2012

Tracked Since Feb 18, 2026