95 matches found
PT-2026-24766
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content'...
EUVD-2017-7800
Malware in sbrugna...
EUVD-2017-7798
Malware in sbrugna...
EUVD-2018-2658
Malware in sbrugna...
EUVD-2018-2659
Malware in sbrugna...
VulnCheck KEV: CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
NetGain Enterprise Manager OS Command Injection Vulnerability
NetGain Enterprise Manager EM is a plug-and-play hardware IT infrastructure monitoring and management appliance developed by NetGain Systems. NetGain Enterprise Manager EM before 10.0.57 suffers from an OS command injection vulnerability that can be exploited by a remote authenticated attacker to...
NetGain Enterprise Manager Cross-Site Scripting Vulnerability
NetGain Enterprise Manager EM is a plug-and-play hardware IT infrastructure monitoring and management appliance developed by NetGain Systems. A stored cross-site scripting vulnerability exists in NetGain Enterprise Manager EM before 10.1.12, which can be exploited by remote attackers to execute...
CVE-2018-10586
NetGain Enterprise Manager EM is affected by multiple Stored Cross-Site Scripting XSS vulnerabilities in versions before 10.1.12...
CVE-2018-10586
NetGain Enterprise Manager EM is affected by multiple Stored Cross-Site Scripting XSS vulnerabilities in versions before 10.1.12...
CVE-2018-10587
NetGain Enterprise Manager EM is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution...
CVE-2018-10587
NetGain Enterprise Manager EM is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution...
Cross site scripting
NetGain Enterprise Manager EM is affected by multiple Stored Cross-Site Scripting XSS vulnerabilities in versions before 10.1.12...
CVE-2018-10587
CVE-2018-10587 affects NetGain Enterprise Manager (EM) prior to version 10.0.57. The connected sources confirm an OS command injection vulnerability that can be exploited by a remote authenticated attacker to inject arbitrary code, resulting in remote code execution. The issue is documented acros...
CVE-2018-10586
NetGain Enterprise Manager EM is affected by multiple Stored Cross-Site Scripting XSS vulnerabilities in versions before 10.1.12...
CVE-2018-10586
Product: NetGain Enterprise Manager (EM). Vulnerability: Stored Cross-Site Scripting (XSS) affecting EM prior to version 10.1.12. The CNVD/NVD entries confirm multiple stored XSS vulnerabilities in EM, allowing remote attackers to execute arbitrary script code or access sensitive browser-based in...
CVE-2018-10587
NetGain Enterprise Manager EM is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution...
CVE-2017-16605
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
CVE-2017-16609
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation ...