2 matches found
CVE-2017-16610
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within uploadsavedo.jsp. The issue results from the lack of proper validation of a...
CVE-2017-16610
NetGain Enterprise Manager is affected by a flaw in upload_save_do.jsp where a user-supplied path is not properly validated before file operations, enabling unauthenticated remote code execution under the current user context. The vulnerability is documented across multiple sources (NVD entry, ZD...