VYPR

Vendor CVEs

Opmantek

All CVEs

21 total · sorted by risk
  • CVE-2020-11942CriApr 29, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.

  • CVE-2018-8979HigMar 25, 2018
    risk 0.60cvss 8.8epss 0.01

    Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.

  • CVE-2020-11943HigApr 29, 2020
    risk 0.59cvss 8.8epss 0.24

    An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.

  • CVE-2020-11941HigApr 27, 2020
    risk 0.58cvss 8.8epss 0.05

    An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.

  • CVE-2019-16293HigSep 13, 2019
    risk 0.50cvss 8.8epss 0.02

    The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.

  • CVE-2016-6534HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.

  • CVE-2018-9137MedApr 19, 2018
    risk 0.47cvss 6.8epss 0.03

    Open-AudIT before 2.2 has CSV Injection.

  • CVE-2018-14493MedJul 25, 2018
    risk 0.46cvss 6.1epss 0.40

    Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.

  • CVE-2021-44674MedJan 3, 2022
    risk 0.42cvss 6.5epss 0.01

    An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.

  • CVE-2021-3333MedFeb 5, 2021
    risk 0.40cvss 6.1epss 0.01

    Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.

  • CVE-2021-3130MedJan 20, 2021
    risk 0.38cvss 5.9epss 0.01

    Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the…

  • CVE-2020-12261MedApr 28, 2020
    risk 0.38cvss 5.4epss 0.03

    Open-AudIT 3.3.0 allows an XSS attack after login.

  • CVE-2018-11124MedJul 6, 2018
    risk 0.38cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

  • CVE-2018-10314MedMay 10, 2018
    risk 0.38cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

  • CVE-2018-8903MedMar 22, 2018
    risk 0.38cvss 5.4epss 0.02

    Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.

  • CVE-2018-16607MedSep 19, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

  • CVE-2016-5642MedApr 10, 2017
    risk 0.35cvss 5.4epss 0.01

    Opmantek NMIS before 8.5.12G has XSS via SNMP.

  • CVE-2018-9155MedApr 12, 2018
    risk 0.31cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section…

  • CVE-2021-44916MedDec 20, 2021
    risk 0.03cvss 6.1epss 0.04

    Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

  • CVE-2020-12078HigApr 28, 2020
    risk 0.01cvss 8.8epss 0.10

    An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip…

  • CVE-2021-40612CriDec 22, 2021
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.