NetGain Systems Enterprise Manager CVE-2017-16605 Directory Traversal Vulnerability

NetGain Systems Enterprise Manager is prone to a directory-traversal vulnerability.

Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application.

Information

Bugtraq ID: 102512
Class: Input Validation Error
CVE: CVE-2017-16605

Remote: Yes
Local: No
Published: Jan 13 2018 12:00AM
Updated: Jan 13 2018 12:00AM
Credit: rgod
Vulnerable: NetGain Systems Enterprise Manager 0

Not Vulnerable: NetGain Systems Enterprise Manager 7.2.766

Exploit

An attacker can use readily available tools to exploit this issue.

References:

NetGain Systems Homepage (NetGain Systems)
ZDI-17-970: NetGain Systems Enterprise Manager db.save_005fattrs_jsp id Director (ZDI)

Source: www.securityfocus.com

Exploit Collector

Search Exploit