CVE-2011-1597
https://notcve.org/view.php?id=CVE-2011-1597
OpenVAS Manager v2.0.3 allows plugin remote code execution. • https://www.openwall.com/lists/oss-security/2011/04/20/5 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2014-9220
https://notcve.org/view.php?id=CVE-2014-9220
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html http://openwall.com/lists/oss-security/2014/11/30/2 http://www.openvas.org/OVSA20141128.html https://www.alienvault.com/forums/discussion/4415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6765 – OpenVAS Manager 4.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-6765
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. • https://www.exploit-db.com/exploits/34026 http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html http://www.openvas.org/OVSA20131108.html http://www.openwall.com/lists/oss-security/2013/11/10/2 • CWE-287: Improper Authentication
CVE-2012-5520 – OpenVAS Command Injection
https://notcve.org/view.php?id=CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request. It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html http://openwall.com/lists/oss-security/2012/11/13/12 http://openwall.com/lists/oss-security/2012/11/13/9 http://openwall.com/lists/oss-security/2012/11/14/11 http://openwall.com/lists/oss-security/2012/11/14/5 http://secunia.com/advisories/49128 http://wald.intevation& • CWE-20: Improper Input Validation
CVE-2011-0018 – OpenVAS Manager - Command Injection
https://notcve.org/view.php?id=CVE-2011-0018
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). • https://www.exploit-db.com/exploits/16086 http://osvdb.org/70639 http://secunia.com/advisories/43037 http://www.exploit-db.com/exploits/16086 http://www.openvas.org/OVSA20110118.html http://www.securityfocus.com/archive/1/515971/100/0/threaded http://www.securityfocus.com/bid/45987 http://www.vupen.com/english/advisories/2011/0208 https://exchange.xforce.ibmcloud.com/vulnerabilities/65011 • CWE-20: Improper Input Validation