CVE-2018-10314 – Open-AudIT Community 2.2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-10314
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. Vulnerabilidad de Cross-Site Scripting (XSS) en Open-AudIT Community 2.2.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un nombre de componente manipulado. Esto queda demostrado por el parámetro action en la sección Discover -> Audit Scripts -> List Scripts -> Download. Open-AudIT Community version 2.2.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/44613 https://docs.google.com/document/d/1lUHMAOnbQUfh_yBGdBB1x9n0QdVGeP9Tggu9auqpXNo/edit?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-6534
https://notcve.org/view.php?id=CVE-2016-6534
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. Opmantek NMIS en versiones anteriores a 4.3.7c tiene inyección de comandos a través de man, finger, ping, trace y nslookup en la secuencia de comandos CGI tools.pl. Versiones anteriores a 8.5.12G podrían verse afectadas en configuraciones no predeterminadas. • https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-5642
https://notcve.org/view.php?id=CVE-2016-5642
Opmantek NMIS before 8.5.12G has XSS via SNMP. Opmantek NMIS en versiones anteriores a 8.5.12G tiene XSS a través de SNMP. • https://community.rapid7.com/community/infosec/blog/2016/09/07/multiple-disclosures-for-multiple-network-management-systems-part-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •