EUVD-2013-6567

Malware in sbrugna...

SUSE CVE-2012-5520

The sendtosourcefire function in managesql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the 1 IP address or 2 port number field in an OMP request...

CVE-2012-5520

The sendtosourcefire function in managesql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the 1 IP address or 2 port number field in an OMP request...

Cross site request forgery (csrf)

The sendtosourcefire function in managesql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the 1 IP address or 2 port number field in an OMP request...

CVE-2012-5520

The CVE-2012-5520 issue affects OpenVAS Manager 3.x before 3.0.4, where the send_to_sourcefire function in manage_sql.c constructs a shell command using unvalidated user input (IP address and port) from OMP requests. This command injection could allow an attacker (authenticated OpenVAS Manager us...

CVE-2012-5520

The sendtosourcefire function in managesql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the 1 IP address or 2 port number field in an OMP request...

OpenVAS Manager code execution

Unescaped shell characters on OMP request processing...

OpenVAS Manager OMP Request Handling Command Injection Vulnerability

OpenVAS Manager is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-0650

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

Cross site request forgery (csrf)

The email function in managesql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the 1 To or 2 From e-mail address in an OMP request to the Greenbone Security Assistant GSA...

CVE-2011-0650

Cross-site request forgery CSRF vulnerability in Greenbone Security Assistant GSA before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...

CVE-2011-0650

CVE-2011-0650 concerns Greenbone Security Assistant (GSA) prior to 2.0+rc3. The issue is a CSRF vulnerability that allows an attacker to hijack the user’s authenticated session to issue OMP requests to OpenVAS Manager (e.g., sending email). This is tied to exploitation of CVE-2011-0018 via the GS...