Opmantek
Products (4)
- 14 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (17)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6534 | | Hig | 0.49 | 7.5 | 0.04 | | Apr 10, 2017 | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. |
| CVE-2016-5642 | | Med | 0.35 | 5.4 | 0.00 | | Apr 10, 2017 | Opmantek NMIS before 8.5.12G has XSS via SNMP. |
| CVE-2021-44916 | | | 0.03 | — | 0.04 | | Dec 20, 2021 | Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. |
| CVE-2020-12261 | | | 0.03 | — | 0.00 | | Apr 28, 2020 | Open-AudIT 3.3.0 allows an XSS attack after login. |
| CVE-2018-14493 | | | 0.03 | — | 0.02 | | Jul 25, 2018 | Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. |
| CVE-2018-11124 | | | 0.03 | — | 0.00 | | Jul 6, 2018 | Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. |
| CVE-2018-10314 | | | 0.03 | — | 0.00 | | May 10, 2018 | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. |
| CVE-2018-9137 | | | 0.03 | — | 0.02 | | Apr 19, 2018 | Open-AudIT before 2.2 has CSV Injection. |
| CVE-2018-9155 | | | 0.03 | — | 0.00 | | Apr 12, 2018 | Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section… |
| CVE-2018-8979 | | | 0.03 | — | 0.00 | | Mar 25, 2018 | Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. |
| CVE-2018-8903 | | | 0.03 | — | 0.00 | | Mar 22, 2018 | Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. |
| CVE-2021-44674 | | | 0.00 | — | 0.00 | | Jan 3, 2022 | An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. |
| CVE-2020-11943 | | | 0.00 | — | 0.03 | | Apr 29, 2020 | An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. |
| CVE-2020-11942 | | | 0.00 | — | 0.00 | | Apr 29, 2020 | An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. |
| CVE-2020-11941 | | | 0.00 | — | 0.04 | | Apr 27, 2020 | An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. |
| CVE-2019-16293 | | | 0.00 | — | 0.01 | | Sep 13, 2019 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. |
| CVE-2018-16607 | | | 0.00 | — | 0.00 | | Sep 19, 2018 | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. |