Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
peter lapp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-8582
A vulnerability exists in gauge.php of AlienVault OSSIM and USM prior to 5.3.2 that allows an malicious user to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
1 EDB exploit
9.8
CVSSv3
CVE-2018-9022
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and previous versions allows remote malicious users to execute arbitrary code or commands by poisoning a configuration file.
Broadcom Privileged Access Manager
1 EDB exploit
6.1
CVSSv3
CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM prior to 5.3.2 that allows an malicious user to steal session IDs of logged in users when the current sessions are viewed by an administrator.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
1 EDB exploit
9.8
CVSSv3
CVE-2018-9021
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and previous versions allows remote malicious users to execute arbitrary commands with specially crafted requests.
Broadcom Privileged Access Manager
1 EDB exploit
7.8
CVSSv3
CVE-2017-14355
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
Microfocus Connected Backup 8.6
Microfocus Connected Backup 8.8.6
1 EDB exploit
6.1
CVSSv3
CVE-2016-8583
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM prior to 5.3.2 are vulnerable to reflected XSS.
Alienvault Open Source Security Information And Event Management
Alienvault Unified Security Management
7.1
CVSSv3
CVE-2019-15627
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
Trendmicro Deep Security 10.0
Trendmicro Deep Security 11.0
Trendmicro Deep Security 12.0
9.8
CVSSv3
CVE-2016-7955
The logcheck function in session.inc in AlienVault OSSIM prior to 5.3.1, when an action has been created, and USM prior to 5.3.1 allows remote malicious users to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code...
Alienvault Unified Security Management
Alienvault Ossim
9.8
CVSSv3
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM prior to 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
Alienvault Unified Security Management
Alienvault Open Source Security Information And Event Management
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started