Alienvault

Open Source Security Information Management

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2014-4152

  • EPSS 11.38%
  • Veröffentlicht 18.06.2014 19:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

10

CVE-2014-3805

  • EPSS 41.18%
  • Veröffentlicht 13.06.2014 14:55:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-...

10

CVE-2014-3804

  • EPSS 80.42%
  • Veröffentlicht 13.06.2014 14:55:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_s...

7.5

CVE-2013-5967

  • EPSS 0.3%
  • Veröffentlicht 09.10.2013 14:54:26
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) rad...

7.5

CVE-2013-5321

Exploit
  • EPSS 0.68%
  • Veröffentlicht 20.08.2013 14:56:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (...

4.3

CVE-2013-5300

  • EPSS 0.69%
  • Veröffentlicht 15.08.2013 20:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php ...

4.3

CVE-2012-3835

Exploit
  • EPSS 7.32%
  • Veröffentlicht 03.07.2012 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter t...

6.5

CVE-2012-3834

Exploit
  • EPSS 0.66%
  • Veröffentlicht 03.07.2012 22:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

7.5

CVE-2009-4372

Exploit
  • EPSS 8.82%
  • Veröffentlicht 21.12.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_gra...

7.5

CVE-2009-4375

Exploit
  • EPSS 0.17%
  • Veröffentlicht 21.12.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the...