5 matches found
CVE-2011-1597
CVE-2011-1597 affects OpenVAS Manager 2.0.3. The vulnerability is described as a plugin remote code execution flaw, exploitable over the network with low attack complexity and no user interaction required (per CVSS2/3 metrics). Impacted components are the OpenVAS plugin handling subsystem; root c...
CVE-2014-9220
CVE-2014-9220 is an SQL injection vulnerability in OpenVAS Manager prior to 4.0.6 and in 5.x prior to 5.0.7. The issue allows remote attackers to execute arbitrary SQL via the timezone parameter of a modify_schedule OMP command. The vulnerability is rated CVSS v2 base score 7.5 (HIGH). Affected v...
CVE-2011-0018
CVE-2011-0018 concerns the OpenVAS Manager command injection via the email function in manage_sql.c. Affected are OpenVAS Manager 1.0.x (up to 1.0.3) and 2.0.x (up to 2.0rc2). The root cause is insufficient validation of user-supplied data in OMP requests processed by Greenbone Security Assistant...
CVE-2012-5520
The CVE-2012-5520 issue affects OpenVAS Manager 3.x before 3.0.4, where the send_to_sourcefire function in manage_sql.c constructs a shell command using unvalidated user input (IP address and port) from OMP requests. This command injection could allow an attacker (authenticated OpenVAS Manager us...
CVE-2013-6765
OpenVAS Manager (and OpenVAS Administrator) vulnerabilities allow remote authentication bypass via crafted OMP/OAP requests. Affected are OpenVAS Manager 3.0.x before 3.0.7 and 4.0.x before 4.0.4; OpenVAS Administrator versions affected per OVSA advisory. Root cause: incorrect state handling in O...