SecPod Research Team member (Prabhu S Angadi) has found Information Disclosure Vulnerability in Netmechanica NetDecision Dashboard Server. The vulnerability is caused due to improper validation of malicious HTTP requests to the Dashboard server appended with ‘?’ character, which discloses the Dashboard server’s web script physical path.
POC : Download here.
More information can be found here.
CVE Info : CVE-2012-1464
Welcome any feedback or suggestion.
Cheers!
SecPod Research Team