CVE-2012-4958

Novell File Reporter 1.0.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4958. PoCs published by Juan Vazquez, including Metasploit module auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.

AI-analyzed exploit summary: This exploit leverages a remote code execution vulnerability in Novell File Reporter Agent by sending a crafted XML payload to trigger arbitrary command execution via a malicious MOF file. The exploit uses WMI event subscription to execute commands and retrieve results.

Description

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.

Exploits (2)

exploitdb WORKING POC
python · remote · windows
https://www.exploit-db.com/exploits/23323

This exploit leverages a remote code execution vulnerability in Novell File Reporter Agent by sending a crafted XML payload to trigger arbitrary command execution via a malicious MOF file. The exploit uses WMI event subscription to execute commands and retrieve results.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Novell File Reporter Agent
No auth needed
Prerequisites: Network access to the target system on port 3037
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC
by Juan Vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/novell_file_reporter_fsfui_fileaccess.rb

This Metasploit module exploits a directory traversal vulnerability in Novell File Reporter (NFR) Agent to retrieve arbitrary text files via crafted FSFUI records. It sends a POST request to /FSF/CMD with a traversal payload to access files outside the intended directory.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Novell File Reporter (NFR) Agent 1.0.4.3, 1.0.3.22
No auth needed
Prerequisites: Network access to the target on port 3037 (SSL)
devstral-2 · analyzed Feb 16, 2026

References (2)

Core 2
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/273371

Scores

EPSS 0.7356
EPSS Percentile 98.8%

Details

CWE: CWE-22
Status: published
Products (1): novell/file_reporter 1.0.2
Published: Nov 18, 2012
Tracked Since: Feb 18, 2026