3 matches found
CVE-2017-16592
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16592
NetGain Systems Enterprise Manager 7.2.730 build 1034 contains a directory traversal flaw in the common.download_jsp servlet (listening on port 8081 by default). The vulnerability occurs when parsing the filename parameter, where user-supplied paths are not properly validated before file operatio...