CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-9220
https://notcve.org/view.php?id=CVE-2014-9220
03 Dec 2014 — SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Vulnerabilidad de inyección SQL en OpenVAS Manager anterior a 4.0.6 y 5.x anterior a 5.0.7 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro timezone en un comando OMP modify_schedule. • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 1CVE-2013-6765 – OpenVAS Manager 4.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-6765
15 Nov 2013 — OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. OpenVAS Manager 3.0 anterior a 3.0.7 y 4.0 anterior a 4.0.4 permite a atacantes remotos evadir las restricciones de autenticación OMP y ejecutar comandos OMP a través de una solicitud OMP m... • https://www.exploit-db.com/exploits/34026 • CWE-287: Improper Authentication •