4 matches found
CVE-2012-5520
The sendtosourcefire function in managesql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the 1 IP address or 2 port number field in an OMP request...
CVE-2012-5520
The CVE-2012-5520 issue affects OpenVAS Manager 3.x before 3.0.4, where the send_to_sourcefire function in manage_sql.c constructs a shell command using unvalidated user input (IP address and port) from OMP requests. This command injection could allow an attacker (authenticated OpenVAS Manager us...
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
OpenVAS Security Advisory OVSA20121112 Date: 12th November 2012 Product: OpenVAS Manager 3.0.4 and 4.0+beta4 Vendor: OpenVAS http://www.openvas.org/ Risk: Medium Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied...
OpenVAS Command Injection
OpenVAS Security Advisory OVSA20121112 Date: 12th November 2012 Product: OpenVAS Manager Risk: Medium Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified th...