메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16610

관리자 2018.01.25 04:00 조회 수 : 173

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16610
번호 제목 글쓴이 날짜 조회 수
47 CVE-2015-6926 관리자 2018.01.25 106
46 CVE-2015-5258 (fedora, spring_social) 관리자 2017.08.27 105
45 CVE-2017-0128 관리자 2017.03.18 105
44 CVE-2017-0039 관리자 2017.03.18 105
43 CVE-2017-12115 관리자 2018.01.25 102
42 CVE-2015-1801 관리자 2017.08.27 102
41 CVE-2017-0140 관리자 2017.03.18 102
40 CVE-2017-16563 관리자 2017.11.09 101
39 CVE-2017-12679 관리자 2017.08.27 101
38 CVE-2017-13658 (imagemagick) 관리자 2017.08.27 101
37 CVE-2017-11357 관리자 2017.08.27 101
36 CVE-2017-12970 (apache2triad) 관리자 2017.08.27 101
35 CVE-2015-6473 (wago_i/o_plc_750-849_firmware, wago_i/o_plc_758-870_firmware) 관리자 2017.08.27 101
34 CVE-2017-6559 관리자 2017.03.10 101
33 CVE-2017-7326 관리자 2018.01.25 100
위로