Opmantek

opmantek

18 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Network Management Information System

network_management_information_system

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-44674 1Opmantek 1Open Audit Nov 21, 2024 Jan 3, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.
CVE-2021-40612 1Opmantek 1Open Audit Nov 21, 2024 Dec 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
CVE-2021-44916 1Opmantek 1Open Audit Nov 21, 2024 Dec 20, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's...Show more Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.Show less
CVE-2021-3333 1Opmantek 1Open Audit Nov 21, 2024 Feb 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already l...Show more Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.Show less
CVE-2021-3130 1Opmantek 1Open Audit Nov 21, 2024 Jan 20, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it...Show more Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.Show less
CVE-2020-11943 1Opmantek 1Open Audit Nov 21, 2024 Apr 29, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
CVE-2020-11942 1Opmantek 1Open Audit Nov 21, 2024 Apr 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
CVE-2020-12261 1Opmantek 1Open Audit Nov 21, 2024 Apr 28, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12078 1Opmantek 1Open Audit Nov 21, 2024 Apr 28, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discover...Show more An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.Show less
CVE-2020-11941 1Opmantek 1Open Audit Nov 21, 2024 Apr 27, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
CVE-2020-8813 5Cacti DebianFedoraproject+2 more 5Cacti Debian LinuxFedora+2 more Nov 21, 2024 Feb 22, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2019-16293 1Opmantek 1Open Audit Nov 21, 2024 Sep 13, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVE-2018-16607 1Opmantek 1Open Audit Nov 21, 2024 Sep 19, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-14493 1Opmantek 1Open Audit Nov 21, 2024 Jul 25, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
CVE-2018-11124 1Opmantek 1Open Audit Nov 21, 2024 Jul 6, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribut...Show more Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.Show less
CVE-2018-10314 1Opmantek 1Open Audit Nov 21, 2024 May 10, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Disc...Show more Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.Show less
CVE-2016-6534 1Opmantek 1Network Management Information System May 13, 2026 Apr 10, 2017 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
CVE-2016-5642 1Opmantek 1Network Management Information System May 13, 2026 Apr 10, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Opmantek NMIS before 8.5.12G has XSS via SNMP.