Lucene search
K

382 matches found

Cvelist
Cvelist
added 2017/03/22 2:0 p.m.30 views

CVE-2017-6971

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...

8.7AI score0.16179EPSS
Exploits5References4
CVE
CVE
added 2017/03/22 2:0 p.m.92 views

CVE-2017-6970

CVE-2017-6970 describes a local privilege escalation affecting NfSen 1.3.7 and AlienVault USM/OSSIM before 5.3.7/5.3.6. The issue arises from an OS command injection via the NfSen IPC UNIX domain socket , exploited by a web user (www-data) to execute crafted commands in the Perl components, ultim...

8.4CVSS8.2AI score0.01678EPSS
Exploits4References4Affected Software2
CNVD
CNVD
added 2017/03/17 12:0 a.m.6 views

AlienVault OSSIM and USM Authentication Bypass Vulnerability

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. A security...

9.8CVSS7.6AI score0.06407EPSS
Exploits2References1
Prion
Prion
added 2017/03/15 4:59 p.m.14 views

Authentication flaw

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report...

7.5CVSS8.4AI score0.06407EPSS
Exploits2References3Affected Software2
NVD
NVD
added 2017/03/15 4:59 p.m.19 views

CVE-2016-7955

The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report...

9.8CVSS10AI score0.06407EPSS
Exploits2References3
CVE
CVE
added 2017/03/15 4:0 p.m.49 views

CVE-2016-7955

CVE-2016-7955 affects AlienVault OSSIM/USM prior to 5.3.1. The vulnerability resides in the logcheck function (session.inc); by crafting a specific value in the AV Report Scheduler HTTP User-Agent header, an unauthenticated remote attacker can bypass authentication and, as a result, obtain sensit...

9.8CVSS9.9AI score0.06407EPSS
Exploits2References3Affected Software2
Packet Storm
Packet Storm
added 2017/03/07 12:0 a.m.50 views

Alienvault OSSIM / USM 5.3.0 Authentication Bypass

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Authentication Bypass Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-7955 Vulnerable Versions: =5.3.0 Fixed Version: 5.3.1 Vulnerability Details ===================== This vulnerability allows remote attackers to bypass...

0.8AI score0.06407EPSS
Exploits2
0day.today
0day.today
added 2017/03/07 12:0 a.m.47 views

Alienvault OSSIM/USM 5.3.0 Authentication Bypass Exploit

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Authentication Bypass Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-7955 Vulnerable Versions: =5.3.0 Fixed Version: 5.3.1 Vulnerability Details ===================== This...

7.1AI score0.06407EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/02/25 12:0 a.m.111 views

AlienVault OSSIM/USM Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

0.7AI score
Exploits0
OpenVAS
OpenVAS
added 2017/02/23 12:0 a.m.37 views

AlienVault OSSIM/USM Multiple Vulnerabilities

AlienVault OSSIM and USM are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.06407EPSS
Exploits2References2
Exploit DB
Exploit DB
added 2017/01/31 12:0 a.m.50 views

AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/01/31 12:0 a.m.29 views

AlienVault OSSIMUSM 5.3.1 - Remote Code Execution (Metasploit)

AlienVault OSSIMUSM 5.3.1 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q Th...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2016/11/02 12:0 a.m.37 views

Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting

Alienvault OSSIMUSM 5.3.1 - Persistent Cross-Site Scripting Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the...

4.3CVSS0.2AI score0.17058EPSS
Exploits5
exploitpack
exploitpack
added 2016/11/02 12:0 a.m.66 views

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object...

7.5CVSS0.5AI score0.06861EPSS
Exploits4
Packet Storm
Packet Storm
added 2016/11/02 12:0 a.m.43 views

Alienvault OSSIM/USM 5.3.1 SQL Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...

7.5CVSS0.5AI score0.57425EPSS
Exploits5
0day.today
0day.today
added 2016/11/02 12:0 a.m.60 views

Alienvault OSSIM/USM 5.3.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection...

7.1AI score0.57425EPSS
Exploits5
exploitpack
exploitpack
added 2016/11/02 12:0 a.m.156 views

Alienvault OSSIMUSM 5.3.1 - SQL Injection

Alienvault OSSIMUSM 5.3.1 - SQL Injection Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability...

7.5CVSS0.7AI score0.57425EPSS
Exploits5
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.36 views

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Current Sessions" page to an arbitrary site Google, in this...

6.1CVSS6.5AI score0.17058EPSS
Exploits5
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.37 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8580 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget...

9.8CVSS9.8AI score0.06861EPSS
Exploits4
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.35 views

Alienvault OSSIM/USM 5.3.1 - SQL Injection

Details ======= Product: Alienvault OSSIM/USM Vulnerability: SQL Injection Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8582 Vulnerable Versions: =5.3.1 Fixed Version: 5.3.2 Vulnerability Details ===================== A SQL injection vulnerability exists in the value parameter of...

9.8CVSS7AI score0.57425EPSS
Exploits5
Rows per page
Query Builder