15 matches found
Alienvault OSSIM/USM 5.3.0 Authentication Bypass Exploit
Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Authentication Bypass Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-7955 Vulnerable Versions: =5.3.0 Fixed Version: 5.3.1 Vulnerability Details ===================== This...
Alienvault OSSIM / USM 5.3.0 Authentication Bypass
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Authentication Bypass Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-7955 Vulnerable Versions: =5.3.0 Fixed Version: 5.3.1 Vulnerability Details ===================== This vulnerability allows remote attackers to bypass...
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Reflected XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8583 Vulnerable Versions: body+onpageshow%3d"alert0 For the targets param the payload is slightly different. Timeline ======== 08/03/16 - Reported to Vendor 10/03/16 -...
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting
Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...
Alienvault OSSIM/USM 5.3.1 SQL Injection
Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...
Alienvault OSSIM/USM 5.3.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection...
Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...
Alienvault OSSIMUSM 5.3.1 - PHP Object Injection
Alienvault OSSIMUSM 5.3.1 - PHP Object Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object...
Alienvault OSSIMUSM 5.3.1 - SQL Injection
Alienvault OSSIMUSM 5.3.1 - SQL Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability...
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...
Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection Vulnerability
Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP objec...
Alienvault OSSIM/USM 5.3.1 - SQL Injection
Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...
Alienvault OSSIM/USM 5.3.1 - PHP Object Injection
Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...
Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities
Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely...