Vulnerabilities > Opmantek
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-22 | CVE-2020-8813 | OS Command Injection vulnerability in multiple products graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | 8.8 |
2019-09-13 | CVE-2019-16293 | OS Command Injection vulnerability in Opmantek Open-Audit The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | 8.8 |
2018-09-19 | CVE-2018-16607 | Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.7 Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | 5.4 |
2018-07-25 | CVE-2018-14493 | Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.6 Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | 6.1 |
2018-07-06 | CVE-2018-11124 | Cross-site Scripting vulnerability in Opmantek Open-Audit Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | 5.4 |
2018-05-10 | CVE-2018-10314 | Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.0 Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | 5.4 |
2017-04-10 | CVE-2016-6534 | Command Injection vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. | 7.5 |
2017-04-10 | CVE-2016-5642 | Cross-site Scripting vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G Opmantek NMIS before 8.5.12G has XSS via SNMP. | 5.4 |