Vulnerabilities > Alienvault > Open Source Security Information Management > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2017-05-23 | CVE-2015-4046 | Command Injection vulnerability in Alienvault Open Source Security Information Management | The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | network, low complexity, alienvault, CWE-77 | 6.5 |
| 2014-08-21 | CVE-2014-5383 | SQL Injection vulnerability in Alienvault Open Source Security Information Management | SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network, low complexity, alienvault, CWE-89 | 6.5 |
| 2013-08-15 | CVE-2013-5300 | Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php. | network, alienvault, CWE-79 | 4.3 |
| 2012-07-03 | CVE-2012-3835 | Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management 3.1 | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page. | network, alienvault, CWE-79 | 4.3 |
| 2012-07-03 | CVE-2012-3834 | SQL Injection vulnerability in Alienvault Open Source Security Information Management 3.1 | SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | network, low complexity, alienvault, CWE-89 | 6.5 |