xerubus

6 exploits Active since Jul 2019
CVE-2019-13494 EXPLOITDB HIGH python WORKING POC
Castlerock Simple Network Management ... - Out-of-Bounds Write
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
CVSS 7.8
CVE-2019-14927 EXPLOITDB HIGH python WORKING POC
Mitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Unauthenticated Sensitive Configuration Download
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
CVSS 7.5
CVE-2019-14931 EXPLOITDB CRITICAL python WORKING POC
Mitsubishielectric Smartrtu Firmware < 2.02 - OS Command Injection
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
CVSS 9.8
CVE-2019-16068 EXPLOITDB HIGH html WORKING POC
NETSAS ENIGMA NMS < 65.0.0 - Cross-Site Request Forgery via manage_files.cgi
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
CVSS 8.8
CVE-2019-16072 EXPLOITDB CRITICAL python WORKING POC
NETSAS Enigma NMS <65.0.0 - Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
CVSS 9.8
CVE-2019-16065 EXPLOITDB HIGH text WORKING POC
Enigma NMS < 65.0.0 - SQL Injection via manage_hosts_short.cgi search_pattern Parameter
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.
CVSS 8.8