Abstract: Description :The version of Novell File Reporter Agent running on the remote host has an arbitrary file download vulnerability. Making a specially crafted POST request to /FSF/CMD for records with a name of FSFUI and UICMD of 126 could result in arbitrary files being downloaded. A remote, unauthenticated attacker could exploit this to download arbitrary files as root (against Linux targets) or SYSTEM (against Windows targets)
Document ID: 5154353
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files:
Document ID: 5154353
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files:
- NFR 1.0 Security Patch.zip (4.22 MB)
- File Reporter
- File Reporter 1.0.1
- File Reporter 1.0.2
- File Management Suite 1.1
