CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44674
https://notcve.org/view.php?id=CVE-2021-44674
03 Jan 2022 — An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. Se ha detectado un problema de exposición de información en Opmantek Open-AudIT versión 4.2.0. La vulnerabilidad permite a un atacante autenticado leer archivos fuera del directorio restringido • http://open-audit.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40612
https://notcve.org/view.php?id=CVE-2021-40612
22 Dec 2021 — An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. Se ha detectado un problema en Opmantek Open-AudIT después de la versión 3.5.0. Sin autenticación, una vulnerabilidad en el archivo code_igniter/application/controllers/util.php permite a un atacante llevar a cabo una ejecución de comandos sin eco • https://community.opmantek.com/pages/viewpage.action?pageId=65504438 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2021-44916 – Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
https://notcve.org/view.php?id=CVE-2021-44916
20 Dec 2021 — Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. Opmantek Open-AudIT Community versión 4.2.0 (Corregido en versión 4.3.0) está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Si es pasado un valor incorrecto a la rutina por medio de una URL, puede ejecutarse código JavaScript malicioso en el navegador de la ví... • https://packetstorm.news/files/id/165502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3333
https://notcve.org/view.php?id=CVE-2021-3333
05 Feb 2021 — Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. Opmantek Open-AudIT versión 4.0.1, está afectado por una vulnerabilidad de tipo cross-site scripting. Al generar sentencias SQL para depuración, una consulta diseñada con fines maliciosos puede desencadenar un ataque de tipo X... • https://community.opmantek.com/display/OA/Errata+-+4.0.1+XSS+in+SQL+debugging+output • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3130
https://notcve.org/view.php?id=CVE-2021-3130
20 Jan 2021 — Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. Dentro de la aplicación Open-AudIT hasta la versión 3.5.3, la interfaz web oculta los secretos SSH, las contraseñas de Windows y las cadenas SNMP de los usuarios que usan la ofuscación del HTML "password field". ... • https://github.com/jet-pentest/CVE-2021-3130 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-11942 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11942
29 Apr 2020 — An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. Se detectó un problema en Open-AudIT versión 3.2.2. Se presentan múltiples inyecciones SQL. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/157476 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-11943 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11943
29 Apr 2020 — An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. Se detectó un problema en Open-AudIT versión 3.2.2. Hay una carga de archivos arbitrarios. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/157476 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 6CVE-2020-12078 – Open-AudIT Professional 3.3.1 Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-12078
28 Apr 2020 — An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address. Se descubrió un prob... • https://packetstorm.news/files/id/157477 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 16%CPEs: 1EXPL: 2CVE-2020-11941 – Open-AudIT 3.2.2 Command Injection / SQL Injection
https://notcve.org/view.php?id=CVE-2020-11941
27 Apr 2020 — An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. Se descubrió un problema en Open-AudIT versión 3.2.2. Hay una inyección de Comandos del Sistema Operativo en Discovery. Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/157476 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-12261 – Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)
https://notcve.org/view.php?id=CVE-2020-12261
26 Apr 2020 — Open-AudIT 3.3.0 allows an XSS attack after login. Open-AudIT versión 3.3.0, permite un ataque de tipo XSS después del inicio de sesión. Open-AudIT version 3.3.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/157401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •