
18 matches found

RedhatCVE
added 2026/04/07 5:6 p.m., 1 views

CVE-2026-34951

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

CVSS 6.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 1

NVD
added 2026/04/06 8:16 p.m., 0 views

CVE-2026-35178

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.8, EPSS 0.00333
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/06 7:1 p.m., 0 views

CVE-2026-35178

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/04/06 7:1 p.m., 12 views

CVE-2026-35178 Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, EPSS 0.00333
Exploits: 0, References: 2

CVE
added 2026/04/06 7:1 p.m., 5 views

CVE-2026-35178

CVE-2026-35178 affects Salesforce Workbench (admin/developer tooling) prior to version 65.0.0. A remote code execution vulnerability exists in the timezone conversion flow that processes attacker-controlled cookie values in an unsafe manner. Impact is described as high for confidentiality and...

CVSS 9.8, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/04/06 3:58 p.m., 0 views

EUVD-2026-19357

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

CVSS 5.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 1

CVE
added 2026/04/06 3:58 p.m., 13 views

CVE-2026-34951

What is affected: Salesforce Workbench (admin/developer tooling for Force.com APIs). Vulnerability: Reflected cross-site scripting via the footerScripts parameter that does not sanitize user input before rendering in the page response. Root cause / detail: Improper neutralization of input during ...

CVSS 6.1, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 2 views

PT-2026-30712

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 3

RedhatCVE
added 2026/01/07 9:31 a.m., 6 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

CVSS 8.8, AI score 6, EPSS 0.00457
Exploits: 5, References: 1

OSV
added 2020/03/20 12:17 a.m., 1 views

CVE-2019-16071

Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing...

CVSS 8.8, AI score 5.8, EPSS 0.00107
Exploits: 1, References: 1

CNVD
added 2020/03/20 12:0 a.m., 4 views

Enigma NMS Privilege Control Bypass Vulnerability

NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. An attacker can exploit this vulnerability to bypass authorization controls and perform operations as an administrator...

CVSS 8.8, AI score 6.9, EPSS 0.00107
Exploits: 1

CNVD
added 2020/03/20 12:0 a.m., 2 views

NETSAS Enigma NMS Directory Traversal Vulnerability

NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A path traversal vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. The vulnerability stems from the failure of a network system or product to properly filter special elements in the...

CVSS 9.6, AI score 6.8, EPSS 0.01025
Exploits: 1, References: 1

CNVD
added 2020/03/20 12:0 a.m., 3 views

Netsas Enigma NMS Code Execution Vulnerability

NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in the user and system file upload functionality in NETSAS Enigma NMS version 65.0.0 and earlier. An attacker can exploit the vulnerability to upload malicious files and...

CVSS 9, AI score 7.5, EPSS 0.00401
Exploits: 1, References: 1

NVD
added 2020/03/19 11:15 p.m., 12 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

CVSS 8.8, AI score 8.3, EPSS 0.00457
Exploits: 5, References: 1

Prion
added 2020/03/19 11:15 p.m., 8 views

Cross site request forgery (csrf)

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

CVSS 6.8, AI score 8.2, EPSS 0.00457
Exploits: 5, References: 1, Affected Software: 1

CVE
added 2020/03/19 11:9 p.m., 71 views

CVE-2019-16071

CVE-2019-16071 affects Enigma NMS 65.0.0 and earlier. Affected component/feature allows an administrative-privilege bypass: low-privilege users can bypass authorization controls and perform actions as an administrator by sending requests in an administrator context. The provided connected documen...

CVSS 8.8, AI score 8.5, EPSS 0.00107
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/03/19 5:55 p.m., 22 views

CVE-2019-16065

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user...

AI score 9.2, EPSS 0.0134
Exploits: 5, References: 1

0day.today
added 2019/09/09 12:0 a.m., 53 views

Enigma NMS 65.0.0 - OS Command Injection Exploit

Exploit for multiple platform in category web applications. Exploit Title: Enigma NMS OS Command Injection. NETSAS Pty Ltd Enigma NMS. Author: Mark Cross @xerubus | mogozobo.com. Vendor: NETSAS Pty Ltd. Vendor...

AI score 7.1, EPSS 0.89311
Exploits: 5