Vulnerabilites related to alienvault - open_source_security_information_management
CVE-2014-3804 (GCVE-0-2014-3804)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
References
| ▼ | URL | Tags |
|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-14-200/ | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-14-202/ | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-14-197/ | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-14-196/ | x_refsource_MISC | |
| http://forums.alienvault.com/discussion/2690 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/42708/ | exploit, x_refsource_EXPLOIT-DB | |
| http://zerodayinitiative.com/advisories/ZDI-14-201/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-200/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-202/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-197/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-196/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "42708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42708/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-201/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-200/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-202/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-197/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-196/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "42708",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42708/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-201/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-200/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-200/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-202/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-202/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-197/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-197/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-196/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-196/"
},
{
"name": "http://forums.alienvault.com/discussion/2690",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "42708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42708/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-201/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-201/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3804",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4045 (GCVE-0-2015-4045)
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74791 | vdb-entry, x_refsource_BID | |
| https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | x_refsource_MISC | |
| https://www.alienvault.com/forums/discussion/5127/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74791"
},
{
"name": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf",
"refsource": "MISC",
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"name": "https://www.alienvault.com/forums/discussion/5127/",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4045",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5300 (GCVE-0-2013-5300)
Vulnerability from cvelistv5
Published
2013-08-15 20:00
Modified
2024-08-06 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/show/osvdb/95814 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/show/osvdb/95818 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/54264 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/show/osvdb/95816 | vdb-entry, x_refsource_OSVDB | |
| http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://secunia.com/advisories/54287 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/61456 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/show/osvdb/95813 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85994 | vdb-entry, x_refsource_XF | |
| http://forums.alienvault.com/discussion/1609/patch-release-4-3-1 | x_refsource_MISC | |
| http://www.osvdb.org/show/osvdb/95817 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95814",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/show/osvdb/95814"
},
{
"name": "95818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/show/osvdb/95818"
},
{
"name": "54264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54264"
},
{
"name": "95816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/show/osvdb/95816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html"
},
{
"name": "54287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54287"
},
{
"name": "61456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61456"
},
{
"name": "95813",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/show/osvdb/95813"
},
{
"name": "alienvault-ossim-multiple-xss(85994)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1"
},
{
"name": "95817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/show/osvdb/95817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95814",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/show/osvdb/95814"
},
{
"name": "95818",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/show/osvdb/95818"
},
{
"name": "54264",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54264"
},
{
"name": "95816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/show/osvdb/95816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html"
},
{
"name": "54287",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54287"
},
{
"name": "61456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61456"
},
{
"name": "95813",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/show/osvdb/95813"
},
{
"name": "alienvault-ossim-multiple-xss(85994)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1"
},
{
"name": "95817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/show/osvdb/95817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95814",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/show/osvdb/95814"
},
{
"name": "95818",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/show/osvdb/95818"
},
{
"name": "54264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54264"
},
{
"name": "95816",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/show/osvdb/95816"
},
{
"name": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html"
},
{
"name": "54287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54287"
},
{
"name": "61456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61456"
},
{
"name": "95813",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/show/osvdb/95813"
},
{
"name": "alienvault-ossim-multiple-xss(85994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994"
},
{
"name": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1",
"refsource": "MISC",
"url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1"
},
{
"name": "95817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/show/osvdb/95817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5300",
"datePublished": "2013-08-15T20:00:00",
"dateReserved": "2013-08-15T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4372 (GCVE-0-2009-4372)
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54843 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/61151 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/37727 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.alienvault.com/community.php?section=News | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/37375 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/61152 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/61153 | vdb-entry, x_refsource_OSVDB | |
| http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf | x_refsource_MISC | |
| http://osvdb.org/61154 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/10480 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/61155 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ossim-uniqueid-command-execution(54843)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
},
{
"name": "61151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61151"
},
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "37375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37375"
},
{
"name": "61152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61152"
},
{
"name": "61153",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61153"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"name": "61154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61154"
},
{
"name": "10480",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"name": "61155",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ossim-uniqueid-command-execution(54843)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
},
{
"name": "61151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61151"
},
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "37375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37375"
},
{
"name": "61152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61152"
},
{
"name": "61153",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61153"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"name": "61154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61154"
},
{
"name": "10480",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"name": "61155",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ossim-uniqueid-command-execution(54843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
},
{
"name": "61151",
"refsource": "OSVDB",
"url": "http://osvdb.org/61151"
},
{
"name": "37727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37727"
},
{
"name": "http://www.alienvault.com/community.php?section=News",
"refsource": "CONFIRM",
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "37375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37375"
},
{
"name": "61152",
"refsource": "OSVDB",
"url": "http://osvdb.org/61152"
},
{
"name": "61153",
"refsource": "OSVDB",
"url": "http://osvdb.org/61153"
},
{
"name": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"name": "61154",
"refsource": "OSVDB",
"url": "http://osvdb.org/61154"
},
{
"name": "10480",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"name": "61155",
"refsource": "OSVDB",
"url": "http://osvdb.org/61155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4372",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4046 (GCVE-0-2015-4046)
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74795 | vdb-entry, x_refsource_BID | |
| https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | x_refsource_MISC | |
| https://www.alienvault.com/forums/discussion/5127/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T01:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74795"
},
{
"name": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf",
"refsource": "MISC",
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"name": "https://www.alienvault.com/forums/discussion/5127/",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4046",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3834 (GCVE-0-2012-3834)
Vulnerability from cvelistv5
Published
2012-07-03 22:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53331 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/18800 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/49005 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt | x_refsource_MISC | |
| http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75290 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:03.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-baseqrymain-sql-injection(75290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-baseqrymain-sql-injection(75290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49005"
},
{
"name": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt",
"refsource": "MISC",
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"name": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-baseqrymain-sql-injection(75290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3834",
"datePublished": "2012-07-03T22:00:00",
"dateReserved": "2012-07-03T00:00:00",
"dateUpdated": "2024-08-06T20:21:03.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4153 (GCVE-0-2014-4153)
Vulnerability from cvelistv5
Published
2014-06-18 19:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.alienvault.com/discussion/2806 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-207/ | x_refsource_MISC | |
| http://secunia.com/advisories/59112 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2806",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"name": "59112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4153",
"datePublished": "2014-06-18T19:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5210 (GCVE-0-2014-5210)
Vulnerability from cvelistv5
Published
2014-08-21 14:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69239 | vdb-entry, x_refsource_BID | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-294/ | x_refsource_MISC | |
| http://forums.alienvault.com/discussion/2690 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-295/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69239",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-21T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69239",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69239"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/"
},
{
"name": "http://forums.alienvault.com/discussion/2690",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5210",
"datePublished": "2014-08-21T14:00:00",
"dateReserved": "2014-08-13T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5158 (GCVE-0-2014-5158)
Vulnerability from cvelistv5
Published
2014-08-21 14:00
Modified
2024-08-06 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-14-273/ | x_refsource_MISC | |
| http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-272/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-21T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/"
},
{
"name": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5158",
"datePublished": "2014-08-21T14:00:00",
"dateReserved": "2014-07-31T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5321 (GCVE-0-2013-5321)
Vulnerability from cvelistv5
Published
2013-08-20 14:00
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/26406 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26406",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/26406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-20T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26406",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/26406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26406",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/26406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5321",
"datePublished": "2013-08-20T14:00:00Z",
"dateReserved": "2013-08-20T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:21.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4152 (GCVE-0-2014-4152)
Vulnerability from cvelistv5
Published
2014-06-18 19:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.alienvault.com/discussion/2806 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-206/ | x_refsource_MISC | |
| http://secunia.com/advisories/59112 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2806",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/"
},
{
"name": "59112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4152",
"datePublished": "2014-06-18T19:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3835 (GCVE-0-2012-3835)
Vulnerability from cvelistv5
Published
2012-07-03 22:00
Modified
2024-08-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53331 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/18800 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/49005 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt | x_refsource_MISC | |
| http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75297 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:03.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-multiple-xss(75297)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-multiple-xss(75297)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53331"
},
{
"name": "18800",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"name": "49005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49005"
},
{
"name": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt",
"refsource": "MISC",
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"name": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"name": "alienvault-multiple-xss(75297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3835",
"datePublished": "2012-07-03T22:00:00",
"dateReserved": "2012-07-03T00:00:00",
"dateUpdated": "2024-08-06T20:21:03.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5383 (GCVE-0-2014-5383)
Vulnerability from cvelistv5
Published
2014-08-21 14:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.alienvault.com/discussion/2690 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/67312 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "67312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "67312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2690",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "67312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5383",
"datePublished": "2014-08-21T14:00:00",
"dateReserved": "2014-08-21T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5967 (GCVE-0-2013-5967)
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-09-16 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/62790 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/ref/97/ossim-sql.txt | x_refsource_MISC | |
| http://osvdb.org/98052 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"name": "98052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-09T14:44:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"name": "98052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62790"
},
{
"name": "http://osvdb.org/ref/97/ossim-sql.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"name": "98052",
"refsource": "OSVDB",
"url": "http://osvdb.org/98052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5967",
"datePublished": "2013-10-09T14:44:00Z",
"dateReserved": "2013-09-30T00:00:00Z",
"dateUpdated": "2024-09-16T18:43:56.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7279 (GCVE-0-2018-7279)
Vulnerability from cvelistv5
Published
2018-03-14 13:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update"
},
{
"name": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7279",
"datePublished": "2018-03-14T13:00:00",
"dateReserved": "2018-02-20T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6056 (GCVE-0-2013-6056)
Vulnerability from cvelistv5
Published
2020-01-27 14:01
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/plugins/nessus/76122 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/76122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:01:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/76122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/plugins/nessus/76122",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/76122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6056",
"datePublished": "2020-01-27T14:01:24",
"dateReserved": "2013-10-09T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3805 (GCVE-0-2014-3805)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42709/ | exploit, x_refsource_EXPLOIT-DB | |
| http://zerodayinitiative.com/advisories/ZDI-14-199/ | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-14-204/ | x_refsource_MISC | |
| http://forums.alienvault.com/discussion/2690 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-14-198/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42709",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42709/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-199/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-204/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-198/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42709",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42709/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-199/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-204/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-198/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42709",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42709/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-199/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-199/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-204/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-204/"
},
{
"name": "http://forums.alienvault.com/discussion/2690",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-14-198/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-198/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3805",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2014-05-21T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4374 (GCVE-0-2009-4374)
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-09-17 01:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37727 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf | x_refsource_MISC | |
| http://www.alienvault.com/community.php?section=News | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.alienvault.com/community.php?section=News"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-21T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.alienvault.com/community.php?section=News"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37727"
},
{
"name": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
},
{
"name": "http://www.alienvault.com/community.php?section=News",
"refsource": "MISC",
"url": "http://www.alienvault.com/community.php?section=News"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4374",
"datePublished": "2009-12-21T16:00:00Z",
"dateReserved": "2009-12-21T00:00:00Z",
"dateUpdated": "2024-09-17T01:50:58.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5159 (GCVE-0-2014-5159)
Vulnerability from cvelistv5
Published
2014-08-21 14:00
Modified
2024-08-06 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-271/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-21T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5159",
"datePublished": "2014-08-21T14:00:00",
"dateReserved": "2014-07-31T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4151 (GCVE-0-2014-4151)
Vulnerability from cvelistv5
Published
2014-06-18 19:00
Modified
2024-08-06 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forums.alienvault.com/discussion/2806 | x_refsource_CONFIRM | |
| http://www.zerodayinitiative.com/advisories/ZDI-14-205/ | x_refsource_MISC | |
| http://secunia.com/advisories/59112 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:28.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/"
},
{
"name": "59112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.alienvault.com/discussion/2806",
"refsource": "CONFIRM",
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/"
},
{
"name": "59112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4151",
"datePublished": "2014-06-18T19:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:28.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4373 (GCVE-0-2009-4373)
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37727 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.alienvault.com/community.php?section=News | x_refsource_CONFIRM | |
| http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-21T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37727"
},
{
"name": "http://www.alienvault.com/community.php?section=News",
"refsource": "CONFIRM",
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4373",
"datePublished": "2009-12-21T16:00:00Z",
"dateReserved": "2009-12-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:34:56.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4375 (GCVE-0-2009-4375)
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-09-16 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf | x_refsource_MISC | |
| http://secunia.com/advisories/37727 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.alienvault.com/community.php?section=News | x_refsource_CONFIRM | |
| http://www.osvdb.org/61149 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf"
},
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "61149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/61149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-21T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf"
},
{
"name": "37727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "61149",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/61149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf"
},
{
"name": "37727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37727"
},
{
"name": "http://www.alienvault.com/community.php?section=News",
"refsource": "CONFIRM",
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"name": "61149",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4375",
"datePublished": "2009-12-21T16:00:00Z",
"dateReserved": "2009-12-21T00:00:00Z",
"dateUpdated": "2024-09-16T16:47:39.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-03-14 13:29
Modified
2024-11-21 04:11
Severity ?
Summary
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | * | |
| alienvault | unified_security_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB539EA9-A0C3-4EE3-9037-40D46AC79ED9",
"versionEndExcluding": "5.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B547E503-B412-4959-B2D7-772B0A3D6EF9",
"versionEndExcluding": "5.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de ejecuci\u00f3n remota de c\u00f3digo en AlienVault USM y OSSIM en versiones anteriores a la 5.5.1."
}
],
"id": "CVE-2018-7279",
"lastModified": "2024-11-21T04:11:55.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T13:29:00.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/17155/alienvault-v5-5-1-hotfix-important-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/17204/security-advisory-alienvault-v5-5-1-resolves-critical-vulnerability"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7623E6-C31A-4B94-84A7-44B4E15E4EC9",
"versionEndIncluding": "4.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de una solicitud (1) get_license, (2) get_log_line o (3) update_system/upgrade_pro_web manipulada, una vulnerabilidad diferente a CVE-2014-3804."
}
],
"id": "CVE-2014-3805",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-13T14:55:15.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-198/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-199/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-204/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/42709/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-198/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-199/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-204/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/42709/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-18 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B04249B5-CCF5-40D7-ADBE-54958839EB83",
"versionEndIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59510261-E3C1-42A7-B160-AD817429AC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.8.0 permite a atacantes remotos crear ficheros arbitrarios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud set_file manipulada."
}
],
"id": "CVE-2014-4151",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-18T19:55:06.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-205/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-15 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "856A68C8-45EE-4C34-9019-BFD4C1D09567",
"versionEndIncluding": "4.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en AlienVault Open Source Security Information Management (OSSIM) anterior a v4.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \u201cwithoutmenu\u201d en (1) vulnmeter/index.php o (2) vulnmeter/sched.php; el par\u00e1metro \u201csection\u201d en av_inventory/task_edit.php; el par\u00e1metro (4) \u201cprofile\u201d en nfsen/rrdgraph.php; o los par\u00e1metros (5) \u201cscan_server\u201d o (6) \u201ctargets\u201d en vulnmeter/simulate.php."
}
],
"id": "CVE-2013-5300",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-15T20:55:03.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54264"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54287"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/show/osvdb/95813"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/show/osvdb/95814"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/show/osvdb/95816"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/show/osvdb/95817"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/show/osvdb/95818"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61456"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forums.alienvault.com/discussion/1609/patch-release-4-3-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/122547/Alienvault-OSSIM-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/show/osvdb/95813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/show/osvdb/95814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/show/osvdb/95816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/show/osvdb/95817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/show/osvdb/95818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-18 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B04249B5-CCF5-40D7-ADBE-54958839EB83",
"versionEndIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59510261-E3C1-42A7-B160-AD817429AC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.8.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud remote_task manipulada, relacionado con inyectar una clave p\u00fablica de ssh."
}
],
"id": "CVE-2014-4152",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-18T19:55:06.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-206/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-21 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7623E6-C31A-4B94-84A7-44B4E15E4EC9",
"versionEndIncluding": "4.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de una solicitud (1) remote_task or (2) get_license manipulada, una vulnerabilidad diferente a CVE-2014-3804 y CVE-2014-3805."
}
],
"id": "CVE-2014-5210",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-21T14:55:05.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/69239"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-294/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-295/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-09 14:54
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E24AEE-9EA1-4EE4-8D56-CD8B4638D5FB",
"versionEndIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en AlienVault Open Source Security Information Management (OSSIM) 4.3 y anteriores versiones permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro date_from hacia (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, o (5) radar-pci-potential.php en RadarReport/."
}
],
"id": "CVE-2013-5967",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-09T14:54:26.810",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/98052"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/62790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/98052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62790"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8514B184-CDC1-47FC-A742-FCC8F7068146",
"versionEndIncluding": "2.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en repository/repository_attachment.php en AlienVault Open Source Security Information Management (OSSIM) v2.1.5, y posiblemente otras versiones anteriores a v2.1.5-4, permite a atacantes remotos subir ficheros en directorios de su elecci\u00f3n mediante los caracteres .. (punto punto) en el par\u00e1metro \"id_document\"."
}
],
"id": "CVE-2009-4374",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-21 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74BC0672-C506-4E6F-8998-5DC84AD46935",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "(1) El servicio av-centerd SOAP y (2) el comando backup en el servicio ossim-framework en AlienVault OSSIM anterior a 4.6.0 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-5158",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-21T14:55:05.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-272/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-273/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-18 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B04249B5-CCF5-40D7-ADBE-54958839EB83",
"versionEndIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59510261-E3C1-42A7-B160-AD817429AC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.8.0 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de una solicitud get_file manipulada."
}
],
"id": "CVE-2014-4153",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-18T19:55:06.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-207/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 15:15
Modified
2024-11-21 01:58
Severity ?
Summary
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.tenable.com/plugins/nessus/76122 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/plugins/nessus/76122 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C86D13-14D4-4C7D-8D15-12478DB421BF",
"versionEndExcluding": "4.3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability"
},
{
"lang": "es",
"value": "OSSIM versiones anteriores a 4.3.3.1, presenta una vulnerabilidad de salto de ruta del archivo tele_compress.php."
}
],
"id": "CVE-2013-6056",
"lastModified": "2024-11-21T01:58:42.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/76122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/76122"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-21 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74BC0672-C506-4E6F-8998-5DC84AD46935",
"versionEndIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el servicio ossim-framework en AlienVault OSSIM anterior a 4.6.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ws_data."
}
],
"id": "CVE-2014-5159",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-21T14:55:05.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2559/security-advisory-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-271/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 2.1.5 | |
| alienvault | open_source_security_information_management | 2.1.5-1 | |
| alienvault | open_source_security_information_management | 2.1.5-2 | |
| alienvault | open_source_security_information_management | 2.1.5-3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/."
},
{
"lang": "es",
"value": "AlienVault Open Source Security Information Management (OSSIM) v2.1.5, y posiblemente otras versiones anteriores a v2.1.5-4, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante metacaracteres del interprete de comandos en el par\u00e1metro \"uniqueid\" en (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, y (5) storage_graphs4.php en sem/."
}
],
"id": "CVE-2009-4372",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61151"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61152"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61153"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61154"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61155"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37375"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7623E6-C31A-4B94-84A7-44B4E15E4EC9",
"versionEndIncluding": "4.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805."
},
{
"lang": "es",
"value": "El servicio av-centerd SOAP en AlienVault OSSIM anterior a 4.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de una solicitud (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver o (5) set_ossim_setup framework_ip manipulada, una vulnerabilidad diferente a CVE-2014-3805."
}
],
"id": "CVE-2014-3804",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-13T14:55:15.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-196/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-197/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-200/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-201/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-202/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/42708/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-196/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-14-197/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-201/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-14-202/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/42708/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-20 14:56
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de inyecci\u00f3n SQL en AlienVault Open Source Security Information Management (OSSIM) 4.1 permite a atacantes remotos ejecutar secuencias de comandos SQL a trav\u00e9s del (1) par\u00e1metro sensor en una aci\u00f3n Query a forensics/base_qry_main.php; los par\u00e1metros (2) tcp_flags[] or(3) tcp_port[0][4] a forensics/base_stat_alerts.php; los par\u00e1metros (4) ip_addr[1][8] o (5) port_type a forensics/base_stat_ports.php; o los par\u00e1metros (6) sortby o (7) rvalue en una acci\u00f3n search a vulnmeter/index.php."
}
],
"id": "CVE-2013-5321",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-20T14:56:29.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/26406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/26406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.alienvault.com/forums/discussion/5127/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.alienvault.com/forums/discussion/5127/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E97658-3481-4E2E-9F00-9D71A4BFDD6A",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script."
},
{
"lang": "es",
"value": "El archivo sudoers en el scanner de activos en AlienVault OSSIM versiones anteriores a 5.0.1 permite a los usuarios locales obtener privilegios a trav\u00e9s de un script nmap."
}
],
"id": "CVE-2015-4045",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74791"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74795 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.alienvault.com/forums/discussion/5127/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74795 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.alienvault.com/forums/discussion/5127/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E97658-3481-4E2E-9F00-9D71A4BFDD6A",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php."
},
{
"lang": "es",
"value": "El scanner de activos en AlienVault OSSIM versiones anteriores a 5.0.1 permite a usuarios autenticados remotos ejecutar comandos arbitrarios a trav\u00e9s del par\u00e1metro array de activos en netscan / do_scan.php."
}
],
"id": "CVE-2015-4046",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:00.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74795"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/uploads/media/default/0001/01/8c6a70098657b4474fe7abe9bcdd5e73b234b610.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.alienvault.com/forums/discussion/5127/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-21 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7623E6-C31A-4B94-84A7-44B4E15E4EC9",
"versionEndIncluding": "4.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC1742C-AED7-43E4-8E32-B42D1667BF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F80E48B-F0E1-4B27-95AC-0E51C9226BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457DBA44-C1F8-41F5-9D52-CCC08E5091A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AFC70AC-29B9-417E-A57C-9DB28D40FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1E268F-F5F8-46DC-B84D-B59B266B0107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1B7761-3BA5-4840-9DCA-67F779A54258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27D7CC06-1627-4B3C-91CC-E54033418157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F699448-40D9-46AD-978E-19CFC27B5D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A841097-4529-44BF-802F-A6E7844110DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02991762-92A2-4E4A-AE1E-465470463BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A3CBE8E-080B-4F90-A2AE-8BAD6E64F8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEF05B6-7664-455A-98FA-A7E750867914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3AED6C-9982-4A47-957E-7E3AFACF9183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52F3C564-9BDF-4AB1-A289-6E89C7DDFA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1E42B1-70C8-4BFD-8727-D91BFC42BFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F401C06-FEF5-4EDB-9F60-A1D7D15C1930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A075A304-E945-466A-BD6F-687DB4E0CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EFBEEE-B52E-4D69-8A01-DE55080838AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9C8686-878D-49DD-B1E9-842265B34306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "826BA62F-D64D-4740-B39F-B5AD8B14C48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDAA1EB-D69E-4DDE-8931-92667C297AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D7C427-DF18-48CA-B337-8AFD35FBF68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57C05724-5D21-4D4D-B8A5-8B731250B5E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en AlienVault OSSIM anterior a 4.7.0 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-5383",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-21T14:55:05.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forums.alienvault.com/discussion/2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67312"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 2.1.5 | |
| alienvault | open_source_security_information_management | 2.1.5-1 | |
| alienvault | open_source_security_information_management | 2.1.5-2 | |
| alienvault | open_source_security_information_management | 2.1.5-3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en repository/repository_attachment.php en AlienVault Open Source Security Information Management (OSSIM) v2.1.5, y posiblemente otras versiones anteriores a v2.1.5-4, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"id_document\"."
}
],
"id": "CVE-2009-4375",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/61149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_SQLi.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/61149"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) v3.1, permite a usuarios autenticados remotamente ejecutar comandos SQL de sue elecci\u00f3n a trav\u00e9s del par\u00e1metro time[0][0]."
}
],
"id": "CVE-2012-3834",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-03T22:55:02.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49005"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ABC1EE-3E54-48AF-95C1-ED9790527545",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en AlienVault Open Source Security Information Management (OSSIM) v3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) url en top.php o (2) time[0][0] en forensics/base_qry_main.php, que no es manejada adecuadamente en la p\u00e1gina de error."
}
],
"id": "CVE-2012-3835",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-03T22:55:02.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49005"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75297"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alienvault | open_source_security_information_management | 2.1.5 | |
| alienvault | open_source_security_information_management | 2.1.5-1 | |
| alienvault | open_source_security_information_management | 2.1.5-2 | |
| alienvault | open_source_security_information_management | 2.1.5-3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC15D313-4971-429C-BE74-29D35830D87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC3013D-06C7-4FEA-83B2-70CB6DDF4F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-2:*:*:*:*:*:*:*",
"matchCriteriaId": "4442E047-9A5B-4C26-95E9-D4B21477BB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alienvault:open_source_security_information_management:2.1.5-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DD2C75-EF88-4A2D-B086-864AE0E9673B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/."
},
{
"lang": "es",
"value": "Vulnerabilidad de subida de ficheros sin restricciones en repository/repository_attachment.php en AlienVault Open Source Security Information Management (OSSIM) v2.1.5, y posiblemente otras versiones anteriores a v2.1.5-4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n subiendo un fichero con extensi\u00f3n de ejecutable, y entonces accediendo mediante una petici\u00f3n directa al fichero en ossiminstall/uploads/."
}
],
"id": "CVE-2009-4373",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.alienvault.com/community.php?section=News"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5%20_Arbitrary_File_Upload.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}