Vulnerabilities > Alienvault > Open Source Security Information Management > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-23 | CVE-2015-4046 | Command Injection vulnerability in Alienvault Open Source Security Information Management | The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | 6.5 |
2014-08-21 | CVE-2014-5383 | SQL Injection vulnerability in Alienvault Open Source Security Information Management | SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2013-08-15 | CVE-2013-5300 | Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php. | 4.3 |
2012-07-03 | CVE-2012-3835 | Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management 3.1 | Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page. | 4.3 |
2012-07-03 | CVE-2012-3834 | SQL Injection vulnerability in Alienvault Open Source Security Information Management 3.1 | SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. | 6.5 |