VYPR

Ossim

by Alienvault

CVEs (34)

  • CVE-2012-3834 (Jul 3, 2012)
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

  • CVE-2009-4375 (Dec 21, 2009)
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

  • CVE-2009-4372 (Dec 21, 2009)
    risk 0.03 | cvss | epss 0.05

    AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3)…

  • CVE-2009-3440 (Sep 28, 2009)
    risk 0.03 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).

  • CVE-2009-3439 (Sep 28, 2009)
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3)…

  • CVE-2014-4151 (Jun 18, 2014)
    risk 0.01 | cvss | epss 0.07

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.

  • CVE-2020-22650 (Jul 19, 2021)
    risk 0.00 | cvss | epss 0.01

    A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DoS) via a system crash triggered by the occurrence of a large number of alarm events.

  • CVE-2014-5159 (Aug 21, 2014)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

  • CVE-2014-5158 (Aug 21, 2014)
    risk 0.00 | cvss | epss 0.04

    The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allow remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2014-4152 (Jun 18, 2014)
    risk 0.00 | cvss | epss 0.06

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

  • CVE-2013-5300 (Aug 15, 2013)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php;…

  • CVE-2009-4374 (Dec 21, 2009)
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in…

  • CVE-2009-4373 (Dec 21, 2009)
    risk 0.00 | cvss | epss 0.03

    Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an…

  • CVE-2009-3441 (Sep 28, 2009)
    risk 0.00 | cvss | epss 0.02

    Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
