Mark Cross

3 exploits Active since Mar 2020
CVE-2019-16068 EXPLOITDB HIGH html WORKING POC
NETSAS ENIGMA NMS <65.0.0 - CSRF
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
CVSS 8.8
CVE-2019-16072 EXPLOITDB CRITICAL python WORKING POC
NETSAS Enigma NMS <65.0.0 - Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
CVSS 9.8
CVE-2019-16065 EXPLOITDB HIGH text WORKING POC
Enigma NMS 65.0.0 - SQL Injection
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
CVSS 8.8