Open Source Security Information Management@2.1.5 Security Vulnerabilities and Issues — Open Source Security Information Management@2.1.5 CVE List

Lucene search

AlienvaultOpen Source Security Information Management2.1.5

9 matches found

CVE•added 2014/08/21 2:55 p.m.•65 views

CVE-2014-5210

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

10CVSS7.3AI score0.80424EPSS

CVE•added 2013/10/09 2:54 p.m.•42 views

CVE-2013-5967

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-...

7.5CVSS8.8AI score0.00304EPSS

CVE•added 2009/12/21 4:30 p.m.•41 views

CVE-2009-4373

Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, the...

7.5CVSS7.8AI score0.02379EPSS

CVE•added 2009/12/21 4:30 p.m.•34 views

CVE-2009-4372

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_gra...

7.5CVSS7.7AI score0.08824EPSS

CVE•added 2014/08/21 2:55 p.m.•33 views

CVE-2014-5383

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS8.2AI score0.24661EPSS

CVE•added 2009/12/21 4:30 p.m.•32 views

CVE-2009-4375

SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

7.5CVSS8.4AI score0.00171EPSS

CVE•added 2013/08/15 8:55 p.m.•32 views

CVE-2013-5300

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section param...

4.3CVSS5.9AI score0.00686EPSS

CVE•added 2014/08/21 2:55 p.m.•29 views

CVE-2014-5158

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

10CVSS7.9AI score0.05486EPSS

CVE•added 2014/08/21 2:55 p.m.•24 views

CVE-2014-5159

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

7.5CVSS8.7AI score0.00366EPSS