Lucene search
+L

382 matches found

Packet Storm
Packet Storm
added 2016/11/02 12:0 a.m.38 views

Alienvault OSSIM/USM 5.3.1 PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

7.5CVSS0.2AI score0.06861EPSS
Exploits4
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.37 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

9.8CVSS9.8AI score0.06861EPSS
Exploits4
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.38 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

6.1CVSS6.5AI score0.17058EPSS
Exploits5
exploitpack
exploitpack
added 2016/11/02 12:0 a.m.158 views

Alienvault OSSIMUSM 5.3.1 - SQL Injection

Alienvault OSSIMUSM 5.3.1 - SQL Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability...

7.5CVSS0.7AI score0.57425EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2016/10/30 12:0 a.m.2 views

AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection

A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to getdirectivekdb.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application...

3.7AI score
Exploits0
OSV
OSV
added 2016/10/28 3:59 p.m.3 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References2
NVD
NVD
added 2016/10/28 3:59 p.m.25 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.1CVSS6.3AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2016/10/28 3:59 p.m.4 views

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

9.8CVSS6AI score0.57425EPSS
Exploits5References3
OSV
OSV
added 2016/10/28 3:59 p.m.4 views

CVE-2016-8581

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

6.1CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2016/10/28 3:59 p.m.24 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

9.8CVSS10AI score0.06861EPSS
Exploits4References3
OSV
OSV
added 2016/10/28 3:59 p.m.3 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

9.8CVSS6.2AI score0.06861EPSS
Exploits4References3
Prion
Prion
added 2016/10/28 3:59 p.m.15 views

Cross site scripting

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

4.3CVSS6AI score0.17058EPSS
Exploits5References3Affected Software2
Prion
Prion
added 2016/10/28 3:59 p.m.18 views

Design/Logic Flaw

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

7.5CVSS8.3AI score0.06861EPSS
Exploits4References3Affected Software2
CVE
CVE
added 2016/10/28 3:0 p.m.65 views

CVE-2016-8581

CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...

6.1CVSS5.9AI score0.17058EPSS
Exploits5References3Affected Software2
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.26 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.2AI score0.00641EPSS
Exploits1References2
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.30 views

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

9.4AI score0.57425EPSS
Exploits5References3
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.28 views

CVE-2016-8581

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...

6AI score0.17058EPSS
Exploits5References3
CVE
CVE
added 2016/10/28 3:0 p.m.56 views

CVE-2016-8580

Summary (concrete details): AlienVault OSSIM/USM before 5.3.2 is affected by a PHP object injection vulnerability caused by unsafe unserialize() usage in multiple widgets (flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, ti...

9.8CVSS10AI score0.06861EPSS
Exploits4References3Affected Software2
CVE
CVE
added 2016/10/28 3:0 p.m.41 views

CVE-2016-8583

CVE-2016-8583 affects AlienVault OSSIM/USM prior to version 5.3.2. The vulnerability is a reflected XSS in the vulnerability scan scheduler where multiple GET parameters (e.g., jobname, timeout, sched_id, targets[]) in /ossim/vulnmeter/sched.php can reflect attacker-supplied input. The issue stem...

6.1CVSS6.2AI score0.00641EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2016/10/28 3:0 p.m.54 views

CVE-2016-8582

Summary of CVE-2016-8582 : A SQL injection vulnerability exists in the gauge.php component of AlienVault OSSIM/USM prior to 5.3.2. The flaw is triggered in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php, where a serialized array can carry a SQL query in the type field, en...

9.8CVSS9.2AI score0.57425EPSS
Exploits5References3Affected Software2
Rows per page
Query Builder