CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2014-9220
https://notcve.org/view.php?id=CVE-2014-9220
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Vulnerabilidad de inyección SQL en OpenVAS Manager anterior a 4.0.6 y 5.x anterior a 5.0.7 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro timezone en un comando OMP modify_schedule. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html http://openwall.com/lists/oss-security/2014/11/30/2 http://www.openvas.org/OVSA20141128.html https://www.alienvault.com/forums/discussion/4415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 3%CPEs: 17EXPL: 3CVE-2011-0018 – OpenVAS Manager - Command Injection
https://notcve.org/view.php?id=CVE-2011-0018
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA). La función email manage_sql.c en OpenVAS Manager v1.0.x a ka v1.0.3 y v2.0.x a la v2.0rc2 permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de los campos (1) To or (2) From en una petición OMP al Greenbone Security Assistant (GSA). • https://www.exploit-db.com/exploits/16086 http://osvdb.org/70639 http://secunia.com/advisories/43037 http://www.exploit-db.com/exploits/16086 http://www.openvas.org/OVSA20110118.html http://www.securityfocus.com/archive/1/515971/100/0/threaded http://www.securityfocus.com/bid/45987 http://www.vupen.com/english/advisories/2011/0208 https://exchange.xforce.ibmcloud.com/vulnerabilities/65011 • CWE-20: Improper Input Validation •