Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AlienvaultOpen Source Security Information Management

22 matches found

CVE
CVEadded 2014/08/21 2:55 p.m.65 views

CVE-2014-5210

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

10CVSS7.3AI score0.80424EPSS
CVE
CVEadded 2018/03/14 1:29 p.m.57 views

CVE-2018-7279

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

9.8CVSS9.7AI score0.02521EPSS
CVE
CVEadded 2014/06/13 2:55 p.m.47 views

CVE-2014-3805

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.

10CVSS7.3AI score0.80424EPSS
CVE
CVEadded 2014/06/13 2:55 p.m.45 views

CVE-2014-3804

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerabil...

10CVSS7.3AI score0.80424EPSS
CVE
CVEadded 2014/06/18 7:55 p.m.43 views

CVE-2014-4153

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.

7.8CVSS6.8AI score0.07557EPSS
CVE
CVEadded 2013/10/09 2:54 p.m.42 views

CVE-2013-5967

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-...

7.5CVSS8.8AI score0.00304EPSS
CVE
CVEadded 2009/12/21 4:30 p.m.41 views

CVE-2009-4373

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, the...

7.5CVSS7.8AI score0.02379EPSS
CVE
CVEadded 2009/12/21 4:30 p.m.41 views

CVE-2009-4374

Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document par...

7.5CVSS6.9AI score0.00153EPSS
CVE
CVEadded 2014/06/18 7:55 p.m.39 views

CVE-2014-4152

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

10CVSS7.8AI score0.1138EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.39 views

CVE-2015-4046

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

7.2CVSS7.1AI score0.06204EPSS
CVE
CVEadded 2020/01/27 3:15 p.m.37 views

CVE-2013-6056

OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability

7.8CVSS7.5AI score0.004EPSS
CVE
CVEadded 2013/08/20 2:56 p.m.36 views

CVE-2013-5321

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to...

7.5CVSS8.7AI score0.00675EPSS
CVE
CVEadded 2009/12/21 4:30 p.m.34 views

CVE-2009-4372

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_gra...

7.5CVSS7.7AI score0.08824EPSS
CVE
CVEadded 2012/07/03 10:55 p.m.33 views

CVE-2012-3834

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

6.5CVSS8.2AI score0.00656EPSS
CVE
CVEadded 2012/07/03 10:55 p.m.33 views

CVE-2012-3835

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not prope...

4.3CVSS5.8AI score0.07316EPSS
CVE
CVEadded 2014/08/21 2:55 p.m.33 views

CVE-2014-5383

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS8.2AI score0.24661EPSS
CVE
CVEadded 2009/12/21 4:30 p.m.32 views

CVE-2009-4375

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

7.5CVSS8.4AI score0.00171EPSS
CVE
CVEadded 2013/08/15 8:55 p.m.32 views

CVE-2013-5300

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section param...

4.3CVSS5.9AI score0.00686EPSS
CVE
CVEadded 2014/06/18 7:55 p.m.32 views

CVE-2014-4151

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.

10CVSS7.7AI score0.1138EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.32 views

CVE-2015-4045

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.

7.2CVSS6.5AI score0.00062EPSS
CVE
CVEadded 2014/08/21 2:55 p.m.29 views

CVE-2014-5158

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

10CVSS7.9AI score0.05486EPSS
CVE
CVEadded 2014/08/21 2:55 p.m.24 views

CVE-2014-5159

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

7.5CVSS8.7AI score0.00366EPSS