86 matches found
Command injection
An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...
Unspecified Vulnerability in NETSAS Enigma NMS (CNVD-2020-18992)
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS server 65.0.0 and earlier versions. The vulnerability can be exploited by an attacker to gain access to the system, read sensitive data and create,...
NETSAS Enigma NMS Cross-Site Scripting Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A cross-site scripting vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...
Netsas Enigma NMS Code Execution Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in the user and system file upload functionality in NETSAS Enigma NMS version 65.0.0 and earlier. An attacker can exploit the vulnerability to upload malicious files and...
NETSAS Enigma NMS Information Disclosure Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and prior versions, which originates from the program not encrypting data stored in the SQL database. An attacker can exploit the...
NETSAS Enigma NMS Directory Traversal Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A path traversal vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. The vulnerability stems from the failure of a network system or product to properly filter special elements in the...
Enigma NMS Privilege Control Bypass Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. An attacker can exploit this vulnerability to bypass authorization controls and perform operations as an administrator...
NETSAS Enigma NMS Information Disclosure Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and prior versions, which originates from the program's failure to encrypt sensitive data rendered in a web page. An attacker can...
NETSAS Enigma NMS Cross-Site Scripting Vulnerability (CNVD-2020-18995)
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A cross-site scripting vulnerability exists in NETSAS Enigma NMS version 65.0.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...
CVE-2019-16068
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...
CVE-2019-16069
A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...
CVE-2019-16068
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...
CVE-2019-16069
A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...
CVE-2019-16063
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...
CVE-2019-16063
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...
Cross site scripting
A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol...
Code injection
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...
Cross site request forgery (csrf)
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...
CVE-2019-16072
Affected product: NETSAS Enigma NMS (65.0.0 and earlier). Vulnerability: OS command injection in the discover_and_manage CGI script, caused by improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. Impact: attacker (authenticated) can execute arb...
CVE-2019-16072
An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...