9

CVE-2011-0018

Exploit
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenvasOpenvas Manager Version1.0.0
OpenvasOpenvas Manager Version1.0.0 Updatebeta1
OpenvasOpenvas Manager Version1.0.0 Updatebeta2
OpenvasOpenvas Manager Version1.0.0 Updatebeta3
OpenvasOpenvas Manager Version1.0.0 Updatebeta4
OpenvasOpenvas Manager Version1.0.0 Updatebeta5
OpenvasOpenvas Manager Version1.0.0 Updatebeta6
OpenvasOpenvas Manager Version1.0.0 Updatebeta7
OpenvasOpenvas Manager Version1.0.0 Updaterc1
OpenvasOpenvas Manager Version1.0.1
OpenvasOpenvas Manager Version1.0.2
OpenvasOpenvas Manager Version1.0.3
OpenvasOpenvas Manager Version2.0 Updatebeta1
OpenvasOpenvas Manager Version2.0 Updatebeta2
OpenvasOpenvas Manager Version2.0 Updatebeta3
OpenvasOpenvas Manager Version2.0 Updaterc1
OpenvasOpenvas Manager Version2.0 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.27% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/70639
http://secunia.com/advisories/43037
http://www.exploit-db.com/exploits/16086
http://www.openvas.org/OVSA20110118.html
Patch
Vendor Advisory
Exploit
http://www.securityfocus.com/archive/1/515971/100/0/threaded
http://www.securityfocus.com/bid/45987
http://www.vupen.com/english/advisories/2011/0208
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65011