Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alienvault unified security management vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-7279
A remote code execution issue exists in AlienVault USM and OSSIM prior to 5.5.1.
Alienvault Unified Security Management
Alienvault Open Source Security Information Management
9.8
CVSSv3
CVE-2017-6972
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
Alienvault Ossim
Alienvault Unified Security Management
Nfsen Nfsen
1 EDB exploit
9.8
CVSSv3
CVE-2016-7955
The logcheck function in session.inc in AlienVault OSSIM prior to 5.3.1, when an action has been created, and USM prior to 5.3.1 allows remote malicious users to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code...
Alienvault Ossim
Alienvault Unified Security Management
9.8
CVSSv3
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM prior to 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
2 EDB exploits
9.8
CVSSv3
CVE-2016-8582
A vulnerability exists in gauge.php of AlienVault OSSIM and USM prior to 5.3.2 that allows an malicious user to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
1 EDB exploit
8.8
CVSSv3
CVE-2017-6971
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
Alienvault Ossim
Alienvault Unified Security Management
Nfsen Nfsen
1 EDB exploit
1 Github repository
8.4
CVSSv3
CVE-2017-6970
AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
Alienvault Ossim
Alienvault Unified Security Management
Nfsen Nfsen
1 EDB exploit
6.1
CVSSv3
CVE-2016-8583
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM prior to 5.3.2 are vulnerable to reflected XSS.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
6.1
CVSSv3
CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM prior to 5.3.2 that allows an malicious user to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
1 EDB exploit
5.7
CVSSv3
CVE-2017-14956
AlienVault USM v5.4.2 and previous versions offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out a...
Alienvault Unified Security Management
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »