Opmantek Open Audit
By the Year
In 2024 there have been 0 vulnerabilities in Opmantek Open Audit . Open Audit did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 6.50 |
| 2021 | 4 | 6.98 |
| 2020 | 6 | 8.40 |
| 2019 | 1 | 8.80 |
| 2018 | 4 | 5.58 |
It may take a day or so for new Open Audit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opmantek Open Audit Security Vulnerabilities
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0
CVE-2021-44674
6.5 - Medium
- January 03, 2022
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.
Directory traversal
An issue was discovered in Opmantek Open-AudIT after 3.5.0
CVE-2021-40612
9.8 - Critical
- December 22, 2021
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability
CVE-2021-44916
6.1 - Medium
- December 20, 2021
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
XSS
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS)
CVE-2021-3333
6.1 - Medium
- February 05, 2021
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
XSS
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings
CVE-2021-3130
5.9 - Medium
- January 20, 2021
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
An issue was discovered in Open-AudIT 3.2.2
CVE-2020-11942
9.8 - Critical
- April 29, 2020
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
SQL Injection
An issue was discovered in Open-AudIT 3.2.2
CVE-2020-11943
8.8 - High
- April 29, 2020
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
Unrestricted File Upload
Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12261
5.4 - Medium
- April 28, 2020
Open-AudIT 3.3.0 allows an XSS attack after login.
XSS
An issue was discovered in Open-AudIT 3.3.1
CVE-2020-12078
8.8 - High
- April 28, 2020
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
Injection
An issue was discovered in Open-AudIT 3.2.2
CVE-2020-11941
8.8 - High
- April 27, 2020
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
Shell injection
graph_realtime.php in Cacti 1.2.8
CVE-2020-8813
8.8 - High
- February 22, 2020
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Shell injection
The Create Discoveries feature of Open-AudIT before 3.2.0
CVE-2019-16293
8.8 - High
- September 13, 2019
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
Shell injection
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7
CVE-2018-16607
5.4 - Medium
- September 19, 2018
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
XSS
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6
CVE-2018-14493
6.1 - Medium
- July 25, 2018
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
XSS
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2
CVE-2018-11124
5.4 - Medium
- July 06, 2018
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
XSS
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0
CVE-2018-10314
5.4 - Medium
- May 10, 2018
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Opmantek Open Audit or by Opmantek? Click the Watch button to subscribe.
