alienvault ossim vulnerabilities and exploits
CVSSv2 score: 6.5
CVE-2009-3439
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) prior to 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) reposito...
Alienvault Ossim 1.0.6
Alienvault Ossim 1.0.4
Alienvault Ossim 2.1
Alienvault Ossim
1 EDB exploit
CVSSv2 score: 5
CVE-2009-3441
Open Source Security Information Management (OSSIM) prior to 2.1.2 allows remote malicious users to bypass authentication, and read graphs or infrastructure information, via a direct request to (1) graphs/alarms_events.php or (2) host/draw_tree.php.
Alienvault Ossim
Alienvault Ossim 1.0.6
Alienvault Ossim 1.0.4
CVSSv2 score: 4.3
CVE-2009-3440
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) prior to 2.1.2 allows remote malicious users to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
Alienvault Ossim 1.0.6
Alienvault Ossim 1.0.4
Alienvault Ossim
1 EDB exploit
CVSSv2 score: 7.5
CVE-2016-7955
The logcheck function in session.inc in AlienVault OSSIM prior to 5.3.1, when an action has been created, and USM prior to 5.3.1 allows remote malicious users to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code...
Alienvault Unified Security Management
Alienvault Ossim
CVSSv2 score: 4.6
CVE-2017-6970
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
Alienvault Unified Security Management
Alienvault Ossim
Nfsen Nfsen
1 EDB exploit
CVSSv2 score: 9
CVE-2017-6971
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
Alienvault Ossim
Alienvault Unified Security Management
Nfsen Nfsen
1 EDB exploit
1 Github repository
CVSSv2 score: 10
CVE-2017-6972
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
Alienvault Ossim
Alienvault Unified Security Management
Nfsen Nfsen
1 EDB exploit
CVSSv2 score: 5
CVE-2020-22650
A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.
Att Alienvault Ossim 5.0
CVSSv2 score: 10
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM prior to 4.7.0 allows remote malicious users to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip requ...
Alienvault Open Source Security Information Management 4.6
Alienvault Open Source Security Information Management 4.5
Alienvault Open Source Security Information Management 4.4
Alienvault Open Source Security Information Management 4.2
Alienvault Open Source Security Information Management 4.2.2
Alienvault Open Source Security Information Management 4.0.4
Alienvault Open Source Security Information Management 4.1
Alienvault Open Source Security Information Management 4.3.1
Alienvault Open Source Security Information Management 4.3.2
Alienvault Open Source Security Information Management 4.0
Alienvault Open Source Security Information Management
Alienvault Open Source Security Information Management 4.1.2
Alienvault Open Source Security Information Management 4.1.3
Alienvault Open Source Security Information Management 4.3.3
Alienvault Open Source Security Information Management 4.0.3
Alienvault Open Source Security Information Management 4.2.3
Alienvault Open Source Security Information Management 4.3
2 EDB exploits
CVSSv2 score: 10
CVE-2014-3805
The av-centerd SOAP service in AlienVault OSSIM prior to 4.7.0 allows remote malicious users to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
Alienvault Open Source Security Information Management
Alienvault Open Source Security Information Management 4.6
Alienvault Open Source Security Information Management 4.1.2
Alienvault Open Source Security Information Management 4.1.3
Alienvault Open Source Security Information Management 4.2
Alienvault Open Source Security Information Management 4.3.3
Alienvault Open Source Security Information Management 4.0.3
Alienvault Open Source Security Information Management 4.3
Alienvault Open Source Security Information Management 4.3.1
Alienvault Open Source Security Information Management 4.0
Alienvault Open Source Security Information Management 4.0.4
Alienvault Open Source Security Information Management 4.1
Alienvault Open Source Security Information Management 4.3.2
Alienvault Open Source Security Information Management 4.5
Alienvault Open Source Security Information Management 4.4
Alienvault Open Source Security Information Management 4.2.2
Alienvault Open Source Security Information Management 4.2.3
2 EDB exploits