Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audit vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-11942
An issue exists in Open-AudIT 3.2.2. There are Multiple SQL Injections.
Opmantek Open-audit 3.2.2
8.8
CVSSv3
CVE-2020-11943
An issue exists in Open-AudIT 3.2.2. There is Arbitrary file upload.
Opmantek Open-audit 3.2.2
8.8
CVSSv3
CVE-2020-12078
An issue exists in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is ...
Opmantek Open-audit 3.3.1
2 Github repositories
5.4
CVSSv3
CVE-2020-12261
Open-AudIT 3.3.0 allows an XSS attack after login.
Opmantek Open-audit 3.3.0
6.5
CVSSv3
CVE-2021-44674
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated malicious user to read file outside of the restricted directory.
Opmantek Open-audit 4.2.0
6.1
CVSSv3
CVE-2021-3333
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
Opmantek Open-audit 4.0.1
8.8
CVSSv3
CVE-2019-1003075
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Audit To Database -
6.5
CVSSv3
CVE-2019-1003077
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Audit To Database
8.8
CVSSv3
CVE-2014-5072
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin prior to 1.2.5 for WordPress allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Wpsecurityauditlog Wp Security Audit Log
7.8
CVSSv3
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.
Wolterskluwer Teammate Audit Management 12.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »