CVE-2014-9220
https://notcve.org/view.php?id=CVE-2014-9220
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html
• http://openwall.com/lists/oss-security/2014/11/30/2
• http://www.openvas.org/OVSA20141128.html
• https://www.alienvault.com/forums/discussion/4415
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6765 – OpenVAS Manager 4.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-6765
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
• https://www.exploit-db.com/exploits/34026
• http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html
• http://www.openvas.org/OVSA20131108.html
• http://www.openwall.com/lists/oss-security/2013/11/10/2
• CWE-287: Improper Authentication
CVE-2012-5520 – OpenVAS Command Injection
https://notcve.org/view.php?id=CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request. OpenVAS Manager is vulnerable to command injection due to insufficient validation of user-supplied data when processing OMP requests. This vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.
• http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html
• http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html
• http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html
• http://openwall.com/lists/oss-security/2012/11/13/12
• http://openwall.com/lists/oss-security/2012/11/13/9
• http://openwall.com/lists/oss-security/2012/11/14/11
• http://openwall.com/lists/oss-security/2012/11/14/5
• http://secunia.com/advisories/49128
• http://wald.intevation&
• CWE-20: Improper Input Validation