Produkt Open source security information management (...) - CVEMAP.ORG

Podatności dla
'Open source security information management'

2020-01-27

CVE-2013-6056

CWE-22

OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability

2018-03-14

CVE-2018-7279

CWE-noinfo

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

2017-05-23

CVE-2015-4046

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

CVE-2015-4045

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

2014-08-21

CVE-2014-5383

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-5210

CWE-94

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

CVE-2014-5159

CWE-89

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

CVE-2014-5158

CWE-94

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

2014-06-18

CVE-2014-4153

CWE-200

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.

CVE-2014-4152

CWE-94

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

Copyright 2024, cxsecurity.com