208 matches found
CVE-2021-3130
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible...
CVE-2021-3130
The CVE-2021-3130 issue affects Open-AudIT up to version 3.5.3, where the web interface uses HTML password-field obfuscation to hide SSH secrets, Windows passwords, and SNMP strings. The vulnerability arises because credentials can be revealed by altering obfuscation through developer tools or si...
Opmantek Open-AudIT Security Vulnerability
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in Open-AudIT up to version 3.5.3, which originates from the web interface usin...
Opmantek Open-AudIT m_discoveries.php Command Injection (CVE-2020-11941)
A command injection vulnerability exists in Open-AudIT. The vulnerability is due to insufficient input validation in mdiscoveries.php...
Exploit for OS Command Injection in Opmantek Open-Audit
CVE-2020-12078 The offi...
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Open-AudIT 3.3.0 - Reflective Cross-Site Scripting Authenticated Exploit Author: Kamaljeet Kumar Vendor Homepage: https://opmantek.com/network-discovery-inventory-software/ Software Link: https://www.open-audit.org/downloads.php...
Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)
Exploit Title: Open-AudIT 3.3.0 - Reflective Cross-Site Scripting Authenticated Date: 2020-04-26 Exploit Author: Kamaljeet Kumar Vendor Homepage: https://opmantek.com/network-discovery-inventory-software/ Software Link: https://www.open-audit.org/downloads.php Version: 3.3.0 CVE : CVE-2020-12261...
Opmantek Open-AudIT SQL Injection Vulnerability
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in Opmantek Open-AudIT version 3.2.2. An attacker can exploit the vulnerability...
Opmantek Open-AudIT Code Issue Vulnerability
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A code issue vulnerability exists in Opmantek Open-AudIT version 3.2.2. An attacker can exploit the vulnerabili...
Open-AudIT Professional 3.3.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Open-AudIT Professional 3.3.1 - Remote Code Execution Exploit Author: Askar CVE: CVE-2020-8813 Vendor Homepage: https://opmantek.com/ Version: v3.3.1 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import...
CVE-2020-11943
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload...
CVE-2020-11942
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...
CVE-2020-11943
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload...
CVE-2020-11942
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...
Design/Logic Flaw
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload...
Sql injection
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...
CVE-2020-11943
An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload...
CVE-2020-11943
Open-AudIT 3.2.2 contains an arbitrary file upload vulnerability in the Add Image workflow. An authenticated attacker can upload a PHP file (simple-backdoor.php) via the image upload endpoint and access it to execute commands, as demonstrated by a PoC that places the backdoor under custom_images ...
CVE-2020-11942
Open-AudIT 3.2.2 contains SQL injection in device scripts via unsanitized parameters system.class and system.discovery_id, enabling an attacker to modify or execute arbitrary SQL statements (e.g., via crafted requests to /devices). PoC shows TRUE/FALSE payloads returning different response sizes,...
CVE-2020-11942
An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...