Opmantek Security Vulnerabilities
5.4CVSS
5.5AI Score
0.001EPSS
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
7.5CVSS
7.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
5.4CVSS
5.2AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
5.4CVSS
5.2AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
6.1CVSS
5.9AI Score
0.893EPSS
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
5.4CVSS
5.3AI Score
0.001EPSS
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
8.8CVSS
8.7AI Score
0.006EPSS
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
8.8CVSS
8.9AI Score
0.04EPSS
9.8CVSS
9.7AI Score
0.002EPSS
8.8CVSS
8.6AI Score
0.001EPSS
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to t...
8.8CVSS
8.7AI Score
0.407EPSS
5.4CVSS
5.3AI Score
0.003EPSS
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
8.8CVSS
8.8AI Score
0.921EPSS
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
5.9CVSS
5.7AI Score
0.002EPSS
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
6.1CVSS
6.1AI Score
0.001EPSS
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
9.8CVSS
9.5AI Score
0.003EPSS
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.
6.5CVSS
6.1AI Score
0.001EPSS
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
6.1CVSS
5.9AI Score
0.017EPSS