5 matches found
CVE-2020-5841
The CVE-2020-5841 entry relates to OpServices OpMon 9.3.1-1. An attacker could perform SQL injection without authentication by manipulating password change parameters, due to improper input handling. This affects the OpMon component and enables access to sensitive database information. The public...
CVE-2021-43009
CVE-2021-43009 is an XSS vulnerability in OpServices OpMon up to version 9.11, exploitable via the search parameter in the request URL. The CVE entry notes a client-side script execution due to unescaped input, with multiple public references documenting PoCs and exploitation examples (e.g., payl...
CVE-2020-7954
OpServices OpMon 9.3.2 is affected. The issue allows privilege escalation from the apache user due to a misconfigured sudoers file that by default permits passwordless execution of certain programs (e.g., nmap). Root cause: incorrect sudoers configuration in the server. Impact: local privilege es...
CVE-2020-7953
CVE-2020-7953 affects OpServices OpMon 9.3.2. The issue allows reading server files (e.g., /etc/passwd) without authentication due to the use of nmap -iL (input file) option. Multiple connected sources (including Red Hat and CNVD entries) corroborate this description. The vulnerability impacts co...
CVE-2020-8636
CVE-2020-8636 affects OpServices OpMon 9.3.2. The issue enables Remote Code Execution with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW complexity, no user interaction). Exploitation details are not provided in the documents; no remediation or patch information is listed. Exploitation status ...