105 matches found
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16592
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16592
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
Design/Logic Flaw
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16604
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16600
This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2017-16601
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16596
NetGain Systems Enterprise Manager 7.2.730 build 1034 is affected by CVE-2017-16596 due to a directory traversal/ improper validation flaw in the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which runs on port 8081 by default. Parsing the type parameter allows an attacker to use ...
CVE-2017-16591
NetGain Systems Enterprise Manager vulnerability CVE-2017-16591 involves the restore.download_005fdo_jsp servlet. The flaw arises when parsing the filename parameter, where user-supplied paths are not properly validated before file operations, enabling directory traversal. This affects installati...
CVE-2017-16590
CVE-2017-16590 affects NetGain Systems Enterprise Manager 7.2.699 build 1001. The vulnerability is in the MainFilter servlet where doFilter uses improper string matching, enabling an authentication bypass. It is a remote issue that requires user interaction to exploit and can allow an attacker to...
CVE-2017-16593
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16596
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-17407
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided ...
CVE-2017-16598
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...
CVE-2017-16597
CVE-2017-16597 affects NetGain Systems Enterprise Manager 7.2.730 build 1034. The issue is in TFtpServer handling of WRQ requests, where parsing of the Filename field does not properly validate a user-supplied path before using it in file operations, enabling remote code execution. Exploitation i...
CVE-2017-16600
NetGain Systems Enterprise Manager 7.2.730 build 1034 is affected by CVE-2017-16600 due to a directory traversal in the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet. The flaw occurs when parsing the filename parameter, which is used for file operations without pro...
CVE-2017-16597
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the...
CVE-2017-16606
NetGain Systems Enterprise Manager 7.2.730 build 1034 is affected by CVE-2017-16606. The flaw is in the servlet org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp, which listens on TCP port 8081 by default. During parsing of the filename parameter, the application does not properly validate ...
CVE-2017-16603
CVE-2017-16603 affects NetGain Systems Enterprise Manager 7.2.730 build 1034. The flaw is in the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet (port 8081 by default) where filename parameter handling fails to properly validate user-supplied data, allowing an attacker to upload ...
CVE-2017-16590
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the...