CVE-2021-40612 — CVSS 9.8 (critical): An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/…
CVE-2019-16293 — CVSS 8.8 (high): The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted…
CVE-2020-8813 — CVSS 8.8 (high): graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest…
CVE-2020-12078 — CVSS 8.8 (high): An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An…
CVE-2021-44674 — CVSS 6.5 (medium): An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read…
CVE-2021-44916 — CVSS 6.1 (medium): Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to…
CVE-2018-14493 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web…
CVE-2021-3333 — CVSS 6.1 (medium): Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted…
CVE-2021-3130 — CVSS 5.9 (medium): Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users…
CVE-2018-10314 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a…
CVE-2018-16607 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject…
CVE-2018-11124 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers…