메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16610

관리자 2018.01.25 04:00 조회 수 : 173

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16610
번호 제목 글쓴이 날짜 조회 수
467 CVE-2017-16545 (graphicsmagick) 관리자 2017.11.09 133
466 CVE-2017-0045 관리자 2017.03.18 134
465 CVE-2017-0042 관리자 2017.03.18 134
464 CVE-2017-0122 관리자 2017.03.18 134
463 CVE-2017-7397 관리자 2017.04.04 134
462 CVE-2015-7257 관리자 2017.08.27 134
461 CVE-2016-5816 관리자 2017.08.27 134
460 CVE-2016-3213 관리자 2016.06.17 135
459 CVE-2017-15672 관리자 2017.11.09 135
458 CVE-2017-13132 (imagemagick) 관리자 2017.08.27 136
457 CVE-2017-13686 관리자 2017.08.27 136
456 CVE-2017-0109 관리자 2017.03.18 137
455 CVE-2017-12965 (apache2triad) 관리자 2017.08.27 137
454 CVE-2017-2865 관리자 2017.11.09 137
453 CVE-2017-2922 관리자 2017.11.09 137
위로