Skip to main content

Open Audit

22 CVEs product

Monthly

CVE-2021-44674 MEDIUM PATCH This Month

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure Path Traversal Open Audit
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-40612 CRITICAL PATCH Act Now

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Open Audit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-44916 MEDIUM POC PATCH This Month

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Audit
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.7%
CVE-2021-3333 MEDIUM PATCH This Month

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Audit
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3130 MEDIUM This Month

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Open Audit
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-11943 HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-11942 CRITICAL POC Act Now

An issue was discovered in Open-AudIT 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Audit
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-12261 MEDIUM POC This Month

Open-AudIT 3.3.0 allows an XSS attack after login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2020-12078 HIGH POC PATCH This Week

An issue was discovered in Open-AudIT 3.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Open Audit
NVD GitHub
CVSS 3.1
8.8
EPSS
10.0%
CVE-2020-11941 HIGH POC This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-8813 HIGH POC THREAT This Week

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Cacti Fedora Open Audit +2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
73.8%
CVE-2019-16293 HIGH POC This Week

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-16607 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14493 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
40.4%
CVE-2018-11124 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-10314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-9137 MEDIUM POC This Month

Open-AudIT before 2.2 has CSV Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Audit
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
2.8%
CVE-2018-9155 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-8937 MEDIUM POC This Month

An issue was discovered in Open-AudIT Professional 2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Open Audit
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8979 HIGH POC This Week

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Open Audit
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-8978 MEDIUM POC This Month

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-8903 MEDIUM POC This Month

Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure Path Traversal Open Audit
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Open Audit
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Audit
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Open Audit
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Open Audit
NVD
EPSS 24% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Open Audit
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Open-AudIT 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Audit
NVD
EPSS 3% CVSS 5.4
MEDIUM POC This Month

Open-AudIT 3.3.0 allows an XSS attack after login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
EPSS 10% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in Open-AudIT 3.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Open Audit
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

An issue was discovered in Open-AudIT 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
EPSS 74% CVSS 8.8
HIGH POC THREAT This Week

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Cacti +4
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Open Audit
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
EPSS 40% CVSS 6.1
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
EPSS 3% CVSS 6.8
MEDIUM POC This Month

Open-AudIT before 2.2 has CSV Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Audit
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Open-AudIT Professional 2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Open Audit
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Open Audit
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy