opmantek CVE 脆弱性と CVE 一覧(18)

製品(CPE): — CVE 件数: 18

opmantek 脆弱性概要

opmantek 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk cross-site scripting、vendor risk sql injection, and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 118 / 18 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-44674 An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. [email protected] 6.5 1.26% 2022-01-03 2026-07-04
CVE-2021-40612 An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes. [email protected] 9.8 2.01% 2021-12-22 2026-06-17
CVE-2021-44916 Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. [email protected] 6.1 3.71% 2021-12-20 2026-06-17
CVE-2021-3333 Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. [email protected] 6.1 0.76% 2021-02-05 2026-06-17
CVE-2021-3130 Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. [email protected] 5.9 1.32% 2021-01-20 2026-06-17
CVE-2020-11943 An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload. [email protected] 8.8 23.90% 2020-04-29 2026-06-16
CVE-2020-11942 An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections. [email protected] 9.8 1.24% 2020-04-29 2026-06-16
CVE-2020-12261 Open-AudIT 3.3.0 allows an XSS attack after login. [email protected] 5.4 2.59% 2020-04-28 2026-06-16
CVE-2020-12078 An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address. [email protected] 8.8 10.00% 2020-04-28 2026-06-16
CVE-2020-11941 An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. [email protected] 8.8 4.56% 2020-04-27 2026-06-16
CVE-2020-8813 graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. [email protected] 8.8 73.78% 2020-02-21 2026-06-16
CVE-2019-16293 The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. [email protected] 8.8 1.61% 2019-09-13 2026-06-16
CVE-2018-16607 Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. [email protected] 5.4 0.65% 2018-09-19 2026-06-16
CVE-2018-14493 Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. [email protected] 6.1 40.43% 2018-07-25 2026-06-16
CVE-2018-11124 Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. [email protected] 5.4 1.87% 2018-07-06 2026-06-16
CVE-2018-10314 Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. [email protected] 5.4 1.87% 2018-05-09 2026-06-16
CVE-2016-6534 Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations. [email protected] 7.5 1.26% 2017-04-09 2026-06-16
CVE-2016-5642 Opmantek NMIS before 8.5.12G has XSS via SNMP. [email protected] 5.4 0.50% 2017-04-09 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence