AlienVault OSSIM and USM Remote Command Execution Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. A remote...

Unspecified Vulnerability in AlienVault USM/OSSIM/NfSen

AlienVault USM and OSSIM are both products of AlienVault, Inc. in the U.S. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system, among other features.OSSIM is an open-source security information management...

AlienVault OSSIM and USM SQL Injection Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. An SQL...

AlienVault OSSIM and USM Cross-Site Scripting Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. A cross-site...

AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability

AlienVault Open Source SIEM OSSIM SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer CVE-2014-1805 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet explorer ...

Alienvault Open Source SIEM (OSSIM) 3.1 - 'date_from' Multiple SQL Injections

source: https://www.securityfocus.com/bid/62790/info Open Source SIEM OSSIM is prone to multiple SQL-injection vulnerabilities. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Open Sourc...

Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting Blind SQL Injection

Alienvault Open Source SIEM OSSIM 3.1 - Reflected Cross-Site Scripting Blind SQL Injection !/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an...

Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection

!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an cookie grabber will allow for the hijacking of the user session:...

CVE-2009-4375

The CVE-2009-4375 issue affects AlienVault OSSIM 2.1.5 (and possibly earlier builds before 2.1.5-4). A SQL injection vulnerability in repository/repository_attachment.php allows remote attackers to execute arbitrary SQL commands through the id_document parameter. References and vendor entries (Re...