CVSS: 9.3EPSS: 91%CPEs: 8EXPL: 10CVE-2020-8813 – Cacti 1.2.8 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. El archivo graph_realtime.php en Cacti versión 1.2.8, permite a atacantes remotos ejecutar comandos arbitrarios de Sistema Operativo por medio de metacaracteres de shell en una cookie, si un usuario invitado posee el privilegio graph real-time. graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege. • https://www.exploit-db.com/exploits/48145 https://www.exploit-db.com/exploits/48144 https://github.com/mhaskar/CVE-2020-8813 https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime https://github.com/hexcowboy/CVE-2020-8813 https://github.com/0xm4ud/Cacti-CVE-2020-8813 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://packetstormsecurity.com/files/156537/Cacti- • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16293
https://notcve.org/view.php?id=CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. La funcionalidad Create Discoveries de Open-AudIT versiones anteriores a 3.2.0, permite a un atacante autenticado ejecutar comandos arbitrarios de sistema operativo (SO) por medio de un valor diseñado para un campo URL. • https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16607
https://notcve.org/view.php?id=CVE-2018-16607
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. Vulnerabilidad Cross-Site Scripting (XSS) en la página Orgs en Open-AudIT Professional edition en su versión 2.2.7 permite que los atacantes remotos inyecten scripts web mediante el campo name en Orgs. • https://docs.google.com/document/d/1MKeb9lly_oOrVG0Ja4A-HgwaeXhb_xQHT9IIOee3wi0/edit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 89%CPEs: 1EXPL: 2CVE-2018-14493 – Open-AudIT Community 2.2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14493
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Vulnerabilidad Cross-Site Scripting (XSS) en Groups Page en Open-Audit Community 2.2.6 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el nombre de grupo. Open-AudIT Community version 2.2.6 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45160 https://docs.google.com/document/d/1K3G6a8P_LhYdk5Ddn57Z2aDUpaGAS7I_F8lESVfSFfY/edit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-11124 – Open-AudIT Community 2.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. Vulnerabilidad de Cross-Site Scripting (XSS) en la funcionalidad Attributes en Open-AudIT Community edition en versiones anteriores a la 2.2.2 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un nombre de atributo manipulado de un Attribute. Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45053 https://docs.google.com/document/d/1dJP1CQupHGXjsMWthgPGepOkcnxYA4mDfdjOE46nrhM/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •