Ossim
by Alienvault
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3834 | 0.03 | — | 0.01 | Jul 3, 2012 | SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | |||
| CVE-2009-4375 | 0.03 | — | 0.01 | Dec 21, 2009 | SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter. | |||
| CVE-2009-4372 | 0.03 | — | 0.05 | Dec 21, 2009 | AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3)… | |||
| CVE-2009-3440 | 0.03 | — | 0.01 | Sep 28, 2009 | Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu). | |||
| CVE-2009-3439 | 0.03 | — | 0.01 | Sep 28, 2009 | Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3)… | |||
| CVE-2014-4151 | 0.01 | — | 0.07 | Jun 18, 2014 | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | |||
| CVE-2020-22650 | 0.00 | — | 0.01 | Jul 19, 2021 | A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events. | |||
| CVE-2014-5159 | 0.00 | — | 0.01 | Aug 21, 2014 | SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||
| CVE-2014-5158 | 0.00 | — | 0.04 | Aug 21, 2014 | The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-4152 | 0.00 | — | 0.06 | Jun 18, 2014 | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. | |||
| CVE-2013-5300 | 0.00 | — | 0.02 | Aug 15, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php;… | |||
| CVE-2009-4374 | 0.00 | — | 0.02 | Dec 21, 2009 | Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in… | |||
| CVE-2009-4373 | 0.00 | — | 0.03 | Dec 21, 2009 | Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an… | |||
| CVE-2009-3441 | 0.00 | — | 0.02 | Sep 28, 2009 | Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php. |
- CVE-2012-3834Jul 3, 2012risk 0.03cvss —epss 0.01
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
- CVE-2009-4375Dec 21, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
- CVE-2009-4372Dec 21, 2009risk 0.03cvss —epss 0.05
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3)…
- CVE-2009-3440Sep 28, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
- CVE-2009-3439Sep 28, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3)…
- CVE-2014-4151Jun 18, 2014risk 0.01cvss —epss 0.07
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
- CVE-2020-22650Jul 19, 2021risk 0.00cvss —epss 0.01
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
- CVE-2014-5159Aug 21, 2014risk 0.00cvss —epss 0.01
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
- CVE-2014-5158Aug 21, 2014risk 0.00cvss —epss 0.04
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
- CVE-2014-4152Jun 18, 2014risk 0.00cvss —epss 0.06
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
- CVE-2013-5300Aug 15, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php;…
- CVE-2009-4374Dec 21, 2009risk 0.00cvss —epss 0.02
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in…
- CVE-2009-4373Dec 21, 2009risk 0.00cvss —epss 0.03
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an…
- CVE-2009-3441Sep 28, 2009risk 0.00cvss —epss 0.02
Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
Page 2 of 2