Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
audit vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-44674
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated malicious user to read file outside of the restricted directory.
Opmantek Open-audit 4.2.0
9
CVSSv2
CVE-2020-12078
An issue exists in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is ...
Opmantek Open-audit 3.3.1
2 Github repositories
3.5
CVSSv2
CVE-2018-16607
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote malicious users to inject arbitrary web script via the Orgs name field.
Opmantek Open-audit 2.2.7
7.5
CVSSv2
CVE-2020-11942
An issue exists in Open-AudIT 3.2.2. There are Multiple SQL Injections.
Opmantek Open-audit 3.2.2
10
CVSSv2
CVE-2010-4449
Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not co...
Oracle Audit Vault 10.2.3.2
3.5
CVSSv2
CVE-2018-10314
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote malicious users to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Down...
Opmantek Open-audit 2.2.0
1 EDB exploit
6.5
CVSSv2
CVE-2021-41932
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...
Wolterskluwer Teammate\\+ Audit 28.0.19.0
7.5
CVSSv2
CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Microfocus Fortify Audit Workbench 16.10
Microfocus Fortify Audit Workbench 16.20
Microfocus Fortify Audit Workbench 17.10
Microfocus Fortify Software Security Center 16.10
Microfocus Fortify Software Security Center 16.20
Microfocus Fortify Software Security Center 17.10
2.1
CVSSv2
CVE-2012-0421
The SUSE Audit Log Keeper daemon prior to 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
Novell Suse Audit Log Keeper
6.8
CVSSv2
CVE-2014-5072
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin prior to 1.2.5 for WordPress allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Wpsecurityauditlog Wp Security Audit Log
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »