Filtered by vendor Alienvault
Total: 36 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4046 | 1 Alienvault | 1 Open Source Security Information Management | 2017-05-30 | 6.5 MEDIUM | 7.2 HIGH |
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | |||||
CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2016-12-05 | 9.3 HIGH | N/A |
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | |||||
CVE-2016-8583 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | |||||
CVE-2016-6913 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2016-09-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. | |||||
CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2015-09-08 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-5210 | 1 Alienvault | 1 Open Source Security Information Management | 2014-08-21 | 10.0 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805. | |||||
CVE-2014-5159 | 1 Alienvault | 1 Open Source Security Information Management | 2014-08-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||||
CVE-2014-5158 | 1 Alienvault | 1 Open Source Security Information Management | 2014-08-21 | 10.0 HIGH | N/A |
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-4153 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 7.8 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||||
CVE-2014-4152 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 10.0 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. | |||||
CVE-2014-4151 | 1 Alienvault | 1 Open Source Security Information Management | 2014-06-19 | 10.0 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | |||||
CVE-2013-5967 | 1 Alienvault | 1 Open Source Security Information Management | 2013-10-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. | |||||
CVE-2013-5321 | 1 Alienvault | 1 Open Source Security Information Management | 2013-08-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | |||||
CVE-2009-4373 | 1 Alienvault | 1 Open Source Security Information Management | 2010-06-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/. | |||||
CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2010-06-23 | 7.5 HIGH | N/A |
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | |||||
CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2010-05-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. |