Lucene search
K

108 matches found

CVE
CVE
added 2016/10/28 3:0 p.m.39 views

CVE-2016-8583

CVE-2016-8583 affects AlienVault OSSIM/USM prior to version 5.3.2. The vulnerability is a reflected XSS in the vulnerability scan scheduler where multiple GET parameters (e.g., jobname, timeout, sched_id, targets[]) in /ossim/vulnmeter/sched.php can reflect attacker-supplied input. The issue stem...

6.1CVSS6.2AI score0.00641EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.25 views

CVE-2016-8583

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS...

6.2AI score0.00641EPSS
Exploits1References2
Cvelist
Cvelist
added 2016/10/28 3:0 p.m.29 views

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOADFILE...

9.4AI score0.57425EPSS
Exploits5References3
CVE
CVE
added 2016/10/28 3:0 p.m.53 views

CVE-2016-8582

Summary of CVE-2016-8582 : A SQL injection vulnerability exists in the gauge.php component of AlienVault OSSIM/USM prior to 5.3.2. The flaw is triggered in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php, where a serialized array can carry a SQL query in the type field, en...

9.8CVSS9.2AI score0.57425EPSS
Exploits5References3Affected Software2
CVE
CVE
added 2016/10/28 3:0 p.m.63 views

CVE-2016-8581

CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...

6.1CVSS5.9AI score0.17058EPSS
Exploits5References3Affected Software2
CVE
CVE
added 2016/10/28 3:0 p.m.54 views

CVE-2016-8580

Summary (concrete details): AlienVault OSSIM/USM before 5.3.2 is affected by a PHP object injection vulnerability caused by unsafe unserialize() usage in multiple widgets (flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, ti...

9.8CVSS10AI score0.06861EPSS
Exploits4References3Affected Software2
NVD
NVD
added 2016/09/26 4:59 p.m.24 views

CVE-2016-6913

Cross-site scripting XSS vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php...

5.4CVSS5.4AI score0.0092EPSS
Exploits3References3
Prion
Prion
added 2016/09/26 4:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php...

3.5CVSS6.2AI score0.0092EPSS
Exploits3References3Affected Software2
Cvelist
Cvelist
added 2016/09/26 4:0 p.m.33 views

CVE-2016-6913

Cross-site scripting XSS vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php...

5.4AI score0.0092EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2016/08/24 12:0 a.m.61 views

AlienVault USM/OSSIM 5.2 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AlienVault USM/OSSIM Vendor URL: www.alienvault.com Type: Cross-Site Scripting CWE-79 Date found: 2016-05-24 Date published: 2016-08-23 CVSSv3 Score: 5.4...

3.5CVSS0.1AI score0.0092EPSS
Exploits3
FreeBSD Advisory
FreeBSD Advisory
added 2016/01/14 12:0 a.m.14 views

FreeBSD-SA-16:06.bsnmpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:06.bsnmpd Security Advisory The FreeBSD Project Topic: Insecure default snmpd.config permissions Category: contrib Module: bsnmpd Announced: 2016-01-14...

5.5CVSS6.1AI score0.00497EPSS
Exploits2
The Hacker News
The Hacker News
added 2015/12/20 8:54 p.m.18 views

AlienVault Unified Security Management: Real-Time Threat Detection Starting on Day 1

As organizations expand their IT infrastructure to match their evolving business models and meet changing regulatory requirements, they often find that their networks have become extremely complex and challenging to manage. A primary concern for many IT teams is detecting threats in the mountain ...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2015/11/12 8:30 p.m.13 views

How to Build a Successful Incident Response Plan

The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2015/09/16 8:12 p.m.14 views

How to Detect IE Zero-day Exploit Used to Deploy Korplug Malware

Recently, Microsoft issued an Emergency patch for a zero-day vulnerability in Internet Explorer that is being exploited to deploy Korplug malware on vulnerable PCs. Korplug, a known variant of PlugX, is a Trojan that creates a backdoor used for information stealing on infected computers. In one o...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2015/09/02 12:3 a.m.30 views

FBI’s Cyber Task Force Identifies Stealthy FF-RATs used in Cyber Attack

In both April and June this year, a series of cyber attacks was conducted against the United States Office of Personnel Management OPM. These attacks resulted in 21 million current and former Federal government employees’ information being stolen. After months of investigation, the FBI’s Cyber Ta...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2015/05/29 12:1 a.m.19 views

Volatile Cedar — Global Cyber Espionage Campaign Discovered

Security firm Check Point has uncovered what seems to be a successful, and long-running, cyber-surveillance campaign called “Volatile Cedar.” Check Point found that targets of the attack included, but were not limited to, defense contractors, media companies, telecommunications, and educational...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2015/05/08 12:0 a.m.18 views

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities

Alienvault OSSIMUSM 4.144.155.0 - Multiple Vulnerabilities Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/08 12:0 a.m.24 views

Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/05/06 12:0 a.m.27 views

Alienvault OSSIM/USM 4.x / 5.0 XSS / SQL Injection / Command Execution

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...

1AI score
Exploits0
CVE
CVE
added 2015/05/01 3:0 p.m.46 views

CVE-2015-3446

Affected software/component: AlienVault Unified Security Management (USM) — Framework Daemon. Vulnerability: remote attackers can execute arbitrary Python code by sending a crafted plugin configuration file (.cfg). Root cause/impact: the flaw allows code execution with root privileges and does no...

9.3CVSS7.7AI score0.02429EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder