Novell File Reporter NFRAgent FSFUI Record File Upload Exploit

This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2012-4959
Product Version: 
12.5
Released Date: 
Thursday, December 6, 2012 - 00:00