Skip to main content

Open Source Security Information Management

17 CVEs product

Monthly

CVE-2018-7279 CRITICAL Act Now

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Source Security Information Management Unified Security Management
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2015-4046 HIGH POC PATCH This Week

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Open Source Security Information Management
NVD
CVSS 3.0
7.2
EPSS
6.2%
CVE-2015-4045 MEDIUM POC PATCH This Month

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Open Source Security Information Management
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2014-5383 MEDIUM POC THREAT This Month

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.9%.

SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
28.9%
CVE-2014-5210 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
17.0%
Threat
4.0
CVE-2014-5159 HIGH This Week

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Open Source Security Information Management
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5158 CRITICAL Act Now

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
5.5%
CVE-2014-4153 HIGH POC This Week

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
7.1%
CVE-2014-4152 CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2014-4151 CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2014-3805 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.5%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
36.5%
Threat
4.6
CVE-2014-3804 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
79.3%
Threat
5.9
CVE-2013-5967 HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
35.3%
Threat
4.1
CVE-2013-5321 HIGH POC This Week

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-5300 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Open Source Security Information Management
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2012-3835 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

PHP XSS Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
26.6%
CVE-2012-3834 MEDIUM POC This Month

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.2%
EPSS 2% CVSS 9.8
CRITICAL Act Now

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Source Security Information Management Unified Security Management
NVD
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Open Source Security Information Management
NVD
EPSS 0% CVSS 6.7
MEDIUM POC PATCH This Month

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Open Source Security Information Management
NVD
EPSS 29% CVSS 6.5
MEDIUM POC THREAT This Month

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.9%.

SQLi Open Source Security Information Management
NVD Exploit-DB
EPSS 17% 4.0 CVSS 10.0
CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Open Source Security Information Management
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
EPSS 7% CVSS 7.8
HIGH POC This Week

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Source Security Information Management
NVD Exploit-DB
EPSS 11% CVSS 10.0
CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
EPSS 11% CVSS 10.0
CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
EPSS 37% 4.6 CVSS 10.0
CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.5%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
EPSS 79% 5.9 CVSS 10.0
CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
EPSS 35% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Open Source Security Information Management
NVD
EPSS 27% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

PHP XSS Open Source Security Information Management
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy