Vulnerabilities for 'Open-audit'

2022-01-03
 
CVE-2021-44674

CWE-22
 

 
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory.

 
2021-12-20
 
CVE-2021-44916

CWE-79
 

 
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.

 
2021-02-05
 
CVE-2021-3333

CWE-79
 

 
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.

 
2020-04-29
 
CVE-2020-11943

CWE-434
 

 
An issue was discovered in Open-AudIT 3.2.2. There is arbitrary file upload.

 
 
CVE-2020-11942

CWE-89
 

 
An issue was discovered in Open-AudIT 3.2.2. There are multiple SQL injections.

 
2020-04-28
 
CVE-2020-12261

CWE-79
 

 
Open-AudIT 3.3.0 allows an XSS attack after login.

 
 
CVE-2020-12078

CWE-74
 

 
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

 
2020-04-27
 
CVE-2020-11941

CWE-78
 

 
An issue was discovered in Open-AudIT 3.2.2. There is OS command injection in Discovery.

 
2019-09-13
 
CVE-2019-16293

CWE-78
 

 
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.

 
2018-09-19
 
CVE-2018-16607

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.

 


Copyright 2024, cxsecurity.com

 
