메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16610

관리자 2018.01.25 04:00 조회 수 : 173

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16610
번호 제목 글쓴이 날짜 조회 수
47 CVE-2015-6926 관리자 2018.01.25 106
46 CVE-2015-5258 (fedora, spring_social) 관리자 2017.08.27 106
45 CVE-2017-0039 관리자 2017.03.18 106
44 CVE-2017-0128 관리자 2017.03.18 105
43 CVE-2017-12115 관리자 2018.01.25 103
42 CVE-2015-1801 관리자 2017.08.27 102
41 CVE-2017-12970 (apache2triad) 관리자 2017.08.27 102
40 CVE-2015-6473 (wago_i/o_plc_750-849_firmware, wago_i/o_plc_758-870_firmware) 관리자 2017.08.27 102
39 CVE-2017-0140 관리자 2017.03.18 102
38 CVE-2017-16563 관리자 2017.11.09 101
37 CVE-2017-12679 관리자 2017.08.27 101
36 CVE-2017-13658 (imagemagick) 관리자 2017.08.27 101
35 CVE-2017-11357 관리자 2017.08.27 101
34 CVE-2017-0113 관리자 2017.03.18 101
33 CVE-2017-6559 관리자 2017.03.10 101
위로