opmantek open audit

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2021-44674
all versions
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker
6.5 MEDIUM
CVE-2021-40612
>= 3.5.0 and < 4.3.0
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/co
9.8 CRITICAL
CVE-2021-44916
<= 4.2.0
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is
6.1 MEDIUM
CVE-2021-3333
all versions
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously c
6.1 MEDIUM
CVE-2021-3130
<= 4.0.2
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings fr
5.9 MEDIUM
CVE-2020-11943
all versions
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
8.8 HIGH
CVE-2020-11942
all versions
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
9.8 CRITICAL
CVE-2020-12261
all versions
Open-AudIT 3.3.0 allows an XSS attack after login.
5.4 MEDIUM
CVE-2020-12078
all versions
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/
8.8 HIGH
CVE-2020-11941
all versions
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
8.8 HIGH
CVE-2020-8813
all versions
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, i
8.8 HIGH
CVE-2019-16293
< 3.2.0
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a
8.8 HIGH
CVE-2018-16607
all versions
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to i
5.4 MEDIUM
CVE-2018-14493
all versions
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitr
6.1 MEDIUM
CVE-2018-11124
< 2.2.2
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote at
5.4 MEDIUM
CVE-2018-10314
all versions
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or H
5.4 MEDIUM
CVE-2018-9137
<= 2.1
Open-AudIT before 2.2 has CSV Injection.
6.8 MEDIUM
CVE-2018-9155
all versions
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script o
5.4 MEDIUM
CVE-2018-8937
all versions
An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter
6.1 MEDIUM
CVE-2018-8979
all versions
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials U
8.8 HIGH
CVE-2018-8978
all versions
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
5.4 MEDIUM
CVE-2018-8903
all versions
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin