Lucene search
K
AlienvaultOssim

7 matches found

CVE
CVE
added 2017/03/22 8:0 p.m.92 views

CVE-2017-6972

CVE-2017-6972 affects AlienVault USM/OSSIM before 5.3.7 and NfSen before 1.3.8, exposing a privilege-dropping bug that causes NfSen Perl components to run as root. Public exploit references (exploit-db entries 42314, 42305/42306) describe remote command execution and potential root access when ex...

10CVSS8.6AI score0.14603EPSS
CVE
CVE
added 2017/03/22 2:0 p.m.90 views

CVE-2017-6970

CVE-2017-6970 describes a local privilege escalation affecting NfSen 1.3.7 and AlienVault USM/OSSIM before 5.3.7/5.3.6. The issue arises from an OS command injection via the NfSen IPC UNIX domain socket , exploited by a web user (www-data) to execute crafted commands in the Perl components, ultim...

8.4CVSS8.2AI score0.01678EPSS
Web
CVE
CVE
added 2017/03/22 2:0 p.m.76 views

CVE-2017-6971

CVE-2017-6971 affects AlienVault USM/OSSIM before 5.3.7 and NfSen before 1.3.8. A remote authenticated attacker can trigger arbitrary commands (or a reverse shell) through crafted requests manipulating NfSen’s PHP code (notably nfsen.php) and the PHP session ID, achieving root-level execution on ...

9CVSS8.6AI score0.16179EPSS
Web
CVE
CVE
added 2009/09/28 10:0 p.m.55 views

CVE-2009-3441

OSSIM (Open Source Security Information Management) is affected by CVE-2009-3441. Before version 2.1.2, remote attackers can bypass authentication and read graphs or infrastructure information by directly requesting (1) graphs/alarms_events.php or (2) host/draw_tree.php. The vulnerability arises ...

5CVSS6.6AI score0.02287EPSS
CVE
CVE
added 2009/09/28 10:0 p.m.54 views

CVE-2009-3439

CVE-2009-3439 involves multiple SQL injection vulnerabilities in OSSIM prior to 2.1.2. Remote authenticated users can execute arbitrary SQL commands via parameters in several PHP scripts: repository_document.php, repository_links.php, repository_editdocument.php (repository/); policy/getpolicy.ph...

6.5CVSS8.1AI score0.00855EPSS
Web
CVE
CVE
added 2017/03/15 4:0 p.m.49 views

CVE-2016-7955

CVE-2016-7955 affects AlienVault OSSIM/USM prior to 5.3.1. The vulnerability resides in the logcheck function (session.inc); by crafting a specific value in the AV Report Scheduler HTTP User-Agent header, an unauthenticated remote attacker can bypass authentication and, as a result, obtain sensit...

9.8CVSS9.9AI score0.06407EPSS
Web
CVE
CVE
added 2009/09/28 10:0 p.m.46 views

CVE-2009-3440

The CVE-2009-3440 entry describes a Cross-Site Scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) prior to version 2.1.2. The issue arises from insufficient input validation on the option parameter of the default URI (the main menu), allowing remote attackers to ...

4.3CVSS5.7AI score0.01452EPSS