Opmantek: Security Vulnerabilities
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVSS Score
8.8
EPSS Score
0.941
Published
2020-02-22
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-09-13
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-19
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-07-25
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-07-06
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-05-10
Opmantek NMIS before 8.5.12G has XSS via SNMP.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-10
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
CVSS Score
7.5
EPSS Score
0.037
Published
2017-04-10
Page 2