Shodan
Vulnerabilities
Vulnerable Software
Alienvault:  Security Vulnerabilities
CVE-2016-8582
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
CVSS Score
9.8
EPSS Score
0.805
Published
2016-10-28
CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
CVSS Score
6.1
EPSS Score
0.664
Published
2016-10-28
CVE-2016-8580
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVSS Score
9.8
EPSS Score
0.126
Published
2016-10-28
CVE-2016-6913
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-09-26
CVE-2015-3446
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
CVSS Score
9.3
EPSS Score
0.015
Published
2015-05-01
CVE-2014-5158
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.055
Published
2014-08-21
CVE-2014-5159
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-08-21
CVE-2014-5210
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
CVSS Score
10.0
EPSS Score
0.135
Published
2014-08-21
CVE-2014-5383
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.247
Published
2014-08-21
CVE-2014-4151
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
CVSS Score
10.0
EPSS Score
0.114
Published
2014-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved