Vulnerabilities for 'Open-audit'
2022-01-03
CVE-2021-44674
CWE-22
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read a file outside of the restricted directory.
2021-12-20
CVE-2021-44916
CWE-79
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
2021-02-05
CVE-2021-3333
CWE-79
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
2020-04-29
CVE-2020-11943
CWE-434
An issue was discovered in Open-AudIT 3.2.2. There is arbitrary file upload.
CVE-2020-11942
CWE-89
An issue was discovered in Open-AudIT 3.2.2. There are multiple SQL injections.
2020-04-28
CVE-2020-12261
CWE-79
Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12078
CWE-74
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
2020-04-27
CVE-2020-11941
CWE-78
An issue was discovered in Open-AudIT 3.2.2. There is OS command injection in Discovery.
2019-09-13
CVE-2019-16293
CWE-78
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
2018-09-19
CVE-2018-16607
CWE-79
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
Copyright 2024, cxsecurity.com