Vulnerabilities for 'Open-audit'
2022-01-03
CVE-2021-44674
CWE-22
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.
2021-12-20
CVE-2021-44916
CWE-79
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
2021-02-05
CVE-2021-3333
CWE-79
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
2020-04-29
CVE-2020-11943
CWE-434
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
CVE-2020-11942
CWE-89
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
2020-04-28
CVE-2020-12261
CWE-79
Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12078
CWE-74
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
2020-04-27
CVE-2020-11941
CWE-78
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
2019-09-13
CVE-2019-16293
CWE-78
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
2018-09-19
CVE-2018-16607
CWE-79
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
Copyright 2024, cxsecurity.com