Vulnerabilities > Openvas > Openvas Manager > 1.0.2

DATE CVE VULNERABILITY TITLE RISK
2014-12-03 CVE-2014-9220 SQL Injection vulnerability in multiple products
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
network
low complexity
fedoraproject openvas opensuse CWE-89
7.5
7.5
2011-01-28 CVE-2011-0018 Improper Input Validation vulnerability in Openvas Manager
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
network
low complexity
openvas CWE-20
critical
 9.0
9.0