CVE-2016-6534
https://notcve.org/view.php?id=CVE-2016-6534
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. Opmantek NMIS en versiones anteriores a 4.3.7c tiene inyección de comandos a través de man, finger, ping, trace y nslookup en la secuencia de comandos CGI tools.pl. Versiones anteriores a 8.5.12G podrían verse afectadas en configuraciones no predeterminadas. • https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-5642
https://notcve.org/view.php?id=CVE-2016-5642
Opmantek NMIS before 8.5.12G has XSS via SNMP. Opmantek NMIS en versiones anteriores a 8.5.12G tiene XSS a través de SNMP. • https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •