Vulmon
audit vulnerabilities and exploits
3.5
CVSSv2
CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition prior to 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
Opmantek Open-audit
1 EDB exploit
7.5
CVSSv2
CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.
Microfocus Fortify Audit Workbench 16.10
Microfocus Fortify Audit Workbench 16.20
Microfocus Fortify Audit Workbench 17.10
Microfocus Fortify Software Security Center 16.10
Microfocus Fortify Software Security Center 16.20
Microfocus Fortify Software Security Center 17.10
4.3
CVSSv2
CVE-2021-3333
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
Opmantek Open-audit 4.0.1
7.5
CVSSv2
CVE-2020-11942
An issue exists in Open-AudIT 3.2.2. There are Multiple SQL Injections.
Opmantek Open-audit 3.2.2
4.3
CVSSv2
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Audit To Database
4
CVSSv2
CVE-2019-1003077
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Audit To Database
3.5
CVSSv2
CVE-2018-10314
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote malicious users to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Down...
Opmantek Open-audit 2.2.0
1 EDB exploit
3.5
CVSSv2
CVE-2018-16607
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote malicious users to inject arbitrary web script via the Orgs name field.
Opmantek Open-audit 2.2.7
10
CVSSv2
CVE-2010-4449
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not co...
Oracle Audit Vault 10.2.3.2
3.5
CVSSv2
CVE-2021-24445
The My Site Audit WordPress plugin up to and including 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticat...
Draftpress My Site Audit