CVSS: 7.5EPSS: 4%CPEs: 13EXPL: 1CVE-2012-5520 – OpenVAS Command Injection
https://notcve.org/view.php?id=CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request. La función send_to_sourcefire en manage_sql.c en OpenVAS Manager v3.x antes de v3.0.4 permite a atacantes remotos ejecutar código arbitrario a través de la dirección IP (1) o (2) el campo Número de puerto en una solicitud de OMP. It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html http://openwall.com/lists/oss-security/2012/11/13/12 http://openwall.com/lists/oss-security/2012/11/13/9 http://openwall.com/lists/oss-security/2012/11/14/11 http://openwall.com/lists/oss-security/2012/11/14/5 http://secunia.com/advisories/49128 http://wald.intevation& • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 3%CPEs: 17EXPL: 3CVE-2011-0018 – OpenVAS Manager - Command Injection
https://notcve.org/view.php?id=CVE-2011-0018
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). La función email manage_sql.c en OpenVAS Manager v1.0.x a ka v1.0.3 y v2.0.x a la v2.0rc2 permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de los campos (1) To or (2) From en una petición OMP al Greenbone Security Assistant (GSA). • https://www.exploit-db.com/exploits/16086 http://osvdb.org/70639 http://secunia.com/advisories/43037 http://www.exploit-db.com/exploits/16086 http://www.openvas.org/OVSA20110118.html http://www.securityfocus.com/archive/1/515971/100/0/threaded http://www.securityfocus.com/bid/45987 http://www.vupen.com/english/advisories/2011/0208 https://exchange.xforce.ibmcloud.com/vulnerabilities/65011 • CWE-20: Improper Input Validation •