Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opmantek open-audit vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-16293
The Create Discoveries feature of Open-AudIT prior to 3.2.0 allows an authenticated malicious user to execute arbitrary OS commands via a crafted value for a URL field.
Opmantek Open-audit
3.5
CVSSv2
CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition prior to 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
Opmantek Open-audit
1 EDB exploit
4.3
CVSSv2
CVE-2021-3130
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the ...
Opmantek Open-audit
1 Github repository
7.5
CVSSv2
CVE-2021-40612
An issue exists in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
Opmantek Open-audit
4.3
CVSSv2
CVE-2021-44916
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
Opmantek Open-audit
6.5
CVSSv2
CVE-2020-11941
An issue exists in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
Opmantek Open-audit 3.2.2
7.5
CVSSv2
CVE-2020-11942
An issue exists in Open-AudIT 3.2.2. There are Multiple SQL Injections.
Opmantek Open-audit 3.2.2
9
CVSSv2
CVE-2020-12078
An issue exists in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is ...
Opmantek Open-audit 3.3.1
2 Github repositories
3.5
CVSSv2
CVE-2018-10314
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote malicious users to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Down...
Opmantek Open-audit 2.2.0
1 EDB exploit
3.5
CVSSv2
CVE-2020-12261
Open-AudIT 3.3.0 allows an XSS attack after login.
Opmantek Open-audit 3.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »