Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Open\-Audit
(Opmantek)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-22 | CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | Cacti, Debian_linux, Fedora, Suse_package_hub, Open\-Audit | 8.8 | ||
| 2021-01-20 | CVE-2021-3130 | Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | Open\-Audit | 5.9 | ||
| 2021-02-05 | CVE-2021-3333 | Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. | Open\-Audit | 6.1 | ||
| 2021-12-20 | CVE-2021-44916 | Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. | Open\-Audit | 6.1 | ||
| 2021-12-22 | CVE-2021-40612 | An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. | Open\-Audit | 9.8 | ||
| 2022-01-03 | CVE-2021-44674 | An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | Open\-Audit | 6.5 |