11 matches found
CVE-2019-16072
Affected product: NETSAS Enigma NMS (65.0.0 and earlier). Vulnerability: OS command injection in the discover_and_manage CGI script, caused by improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. Impact: attacker (authenticated) can execute arb...
CVE-2019-16068
Affected product: NETSAS ENIGMA NMS, version 65.0.0 and prior. Vulnerability type: Cross-Site Request Forgery (CSRF) that can coerce a user to submit a malicious manage_files.cgi request. Root cause (as stated): CSRF exists and can be triggered via XSS or an IFRAME tag embedded in the site. Impac...
CVE-2019-16062
NETSAS Enigma NMS 65.0.0 and earlier suffer from lack of encryption for data stored in the SQL database, enabling exposure of unencrypted sensitive data. Root cause: no encryption at rest for sensitive data. Impact: information disclosure to an attacker with access to the SQL database. The provid...
CVE-2019-16065
The CVE-2019-16065 entry concerns a remote SQL injection in Enigma NMS 65.0.0 and earlier web applications. Vulnerable component: manage_hosts_short.cgi parameter search_pattern (web CGI). Underlying issue: SQL injection in the web interface could allow an attacker to run SQL commands to extract ...
CVE-2019-16069
NETSAS Enigma NMS (65.0.0 and earlier) is affected by stored Cross‑Site Scripting (XSS) vulnerabilities that can allow an attacker to inject malicious client‑side code into the web application via SNMP. Public records from NVD/Red Hat/CNVD/CVE listings confirm the issue and describe the vulnerabi...
CVE-2019-16063
CVE-2019-16063 affects NETSAS Enigma NMS 65.0.0 and earlier. The vulnerability is an information disclosure where sensitive data rendered in web pages is not encrypted, allowing an attacker to expose unencrypted sensitive data. No exploit details or affected versions beyond 65.0.0 and prior are p...
CVE-2019-16061
CVE-2019-16061 affects NETSAS Enigma NMS server 65.0.0 and earlier. Affected files have weak world-readable and world-writable permissions, enabling low-privilege users with system access to read sensitive data (e.g., .htpasswd) and create/modify/delete files (e.g., under /var/www/html/docs). The...
CVE-2019-16067
NETSAS Enigma NMS 65.0.0 and earlier versions use basic authentication over HTTP to enforce access to the web application. The cleartext authentication traffic can allow an attacker to intercept and steal usernames and passwords. The connected documents corroborate this entry across multiple sour...
CVE-2019-16066
The CVE-2019-16066 entry describes an unrestricted file upload vulnerability in the NETSAS Enigma NMS product (version 65.0.0 and earlier) affecting both user and system file upload functions. The underlying issue enables an attacker to upload malicious files and perform arbitrary code execution ...
CVE-2019-16064
Summary: CVE-2019-16064 affects NETSAS Enigma NMS 65.0.0 and earlier. A directory traversal vulnerability allows an authenticated user to access files and directories outside the web root, enabling listing of OS directory contents, creating directories, uploading files, and modifying/deleting fil...
CVE-2019-16070
NETSAS Enigma NMS 65.0.0 and earlier contains stored XSS vulnerabilities (CVE-2019-16070) in the WEB application, exploitable through web form inputs. Root cause per sources: lack/insufficient validation of client-side data in the web app. Impact described as client-side code execution; CVSS data...