CVE-2020-8813
- EPSS 94.14%
- Veröffentlicht 22.02.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 05:39:29
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2019-16293
- EPSS 0.95%
- Veröffentlicht 13.09.2019 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:30:28
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVE-2018-16607
- EPSS 0.15%
- Veröffentlicht 19.09.2018 15:29:19
- Zuletzt bearbeitet 21.11.2024 03:53:03
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-14493
- EPSS 1.62%
- Veröffentlicht 25.07.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:10
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
CVE-2018-11124
- EPSS 0.19%
- Veröffentlicht 06.07.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:42
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
CVE-2018-10314
- EPSS 0.19%
- Veröffentlicht 10.05.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:12
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List ...