2 matches found
CVE-2017-16603
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
CVE-2017-16603
CVE-2017-16603 affects NetGain Systems Enterprise Manager 7.2.730 build 1034. The flaw is in the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet (port 8081 by default) where filename parameter handling fails to properly validate user-supplied data, allowing an attacker to upload ...