CVE-2018-16061

Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...

Mitsubishi Electric SmartRTU Cross-site Scripting (CVE-2018-16061)

Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 PoC Request POST...

Mitsubishi Electric / INEA SmartRTU Cross Site Scripting

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...

CVE-2018-16061

creationtimestamp| type| source ---|---|--- 2021-10-16 00:28:56+00:00| seen| https://t.me/cibsecurity/30666...

CVE-2018-16061

Summary: CVE-2018-16061 affects Mitsubishi Electric SmartRTU devices, enabling cross‑site scripting via the username parameter or PATH_INFO to login.php. Root cause: likely lack of proper validation/escaping on login.php inputs (insufficient input sanitization). Impact: XSS in the SmartRTU web in...

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

CVE-2019-16061

CVE-2019-16061 affects NETSAS Enigma NMS server 65.0.0 and earlier. Affected files have weak world-readable and world-writable permissions, enabling low-privilege users with system access to read sensitive data (e.g., .htpasswd) and create/modify/delete files (e.g., under /var/www/html/docs). The...

CVE-2017-16061

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...