Lucene search
K

54 matches found

osv
osv
added 2020/03/19 11:15 p.m.6 views

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

7.5CVSS5.8AI score0.00666EPSS
Exploits0References1
prion
prion
added 2020/03/19 11:15 p.m.10 views

Cross site request forgery (csrf)

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

6.8CVSS8.2AI score0.00947EPSS
Exploits5References1Affected Software1
prion
prion
added 2020/03/19 11:15 p.m.18 views

Code injection

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

5CVSS7.5AI score0.00666EPSS
Exploits0References1Affected Software1
prion
prion
added 2020/03/19 11:15 p.m.14 views

Cross site scripting

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...

4.3CVSS6.1AI score0.00686EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/03/19 11:6 p.m.23 views

CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

9.8AI score0.25279EPSS
Exploits5References1
cve
cve
added 2020/03/19 11:6 p.m.118 views

CVE-2019-16072

Affected product: NETSAS Enigma NMS (65.0.0 and earlier). Vulnerability: OS command injection in the discover_and_manage CGI script, caused by improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. Impact: attacker (authenticated) can execute arb...

10CVSS9.8AI score0.25279EPSS
Exploits5References1Affected Software1
cvelist
cvelist
added 2020/03/19 10:58 p.m.19 views

CVE-2019-16069

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...

6.2AI score0.00686EPSS
Exploits1References1
cve
cve
added 2020/03/19 10:58 p.m.70 views

CVE-2019-16069

NETSAS Enigma NMS (65.0.0 and earlier) is affected by stored Cross‑Site Scripting (XSS) vulnerabilities that can allow an attacker to inject malicious client‑side code into the web application via SNMP. Public records from NVD/Red Hat/CNVD/CVE listings confirm the issue and describe the vulnerabi...

6.1CVSS6.1AI score0.00686EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/03/19 10:56 p.m.43 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

8.4AI score0.00947EPSS
Exploits5References1
cve
cve
added 2020/03/19 10:56 p.m.101 views

CVE-2019-16068

Affected product: NETSAS ENIGMA NMS, version 65.0.0 and prior. Vulnerability type: Cross-Site Request Forgery (CSRF) that can coerce a user to submit a malicious manage_files.cgi request. Root cause (as stated): CSRF exists and can be triggered via XSS or an IFRAME tag embedded in the site. Impac...

8.8CVSS8.2AI score0.00947EPSS
Exploits5References1Affected Software1
cvelist
cvelist
added 2020/03/19 10:21 p.m.21 views

CVE-2019-16063

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...

7.5AI score0.00666EPSS
Exploits0References1
osv
osv
added 2020/03/19 6:15 p.m.3 views

CVE-2019-16070

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

6.1CVSS6.4AI score0.00691EPSS
Exploits1References1
nvd
nvd
added 2020/03/19 6:15 p.m.16 views

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

7.5CVSS7.7AI score0.00785EPSS
Exploits1References1
nvd
nvd
added 2020/03/19 6:15 p.m.19 views

CVE-2019-16066

An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system...

9CVSS8.9AI score0.02239EPSS
Exploits1References1
osv
osv
added 2020/03/19 6:15 p.m.2 views

CVE-2019-16066

An unrestricted file upload vulnerability exists in user and system file upload functions in NETSAS Enigma NMS 65.0.0 and prior. This allows an attacker to upload malicious files and perform arbitrary code execution on the system...

8.8CVSS7.8AI score0.02239EPSS
Exploits1References1
osv
osv
added 2020/03/19 6:15 p.m.4 views

CVE-2019-16064

NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory...

9.6CVSS7.3AI score0.01306EPSS
Exploits1References1
nvd
nvd
added 2020/03/19 6:15 p.m.29 views

CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...

6.5CVSS6.7AI score0.00756EPSS
Exploits1References1
alpinelinux
alpinelinux
added 2020/03/19 6:15 p.m.61 views

CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...

6.5CVSS6.7AI score0.00756EPSS
Exploits1
prion
prion
added 2020/03/19 6:15 p.m.14 views

Authentication flaw

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

5CVSS7.8AI score0.00785EPSS
Exploits1References1Affected Software1
prion
prion
added 2020/03/19 6:15 p.m.11 views

Cross site scripting

A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

4.3CVSS6.2AI score0.00691EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder