2 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

OpenVAS Manager v2.0.3 allows plugin remote code execution. OpenVAS Manager versión v2.0.3, permite una ejecución de código remota del plugin. • https://www.openwall.com/lists/oss-security/2011/04/20/5 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Vulnerabilidad de inyección SQL en OpenVAS Manager anterior a 4.0.6 y 5.x anterior a 5.0.7 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro timezone en un comando OMP modify_schedule. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html http://openwall.com/lists/oss-security/2014/11/30/2 http://www.openvas.org/OVSA20141128.html https://www.alienvault.com/forums/discussion/4415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •