10 vulnerabilities found for openvas_manager by openvas
CVE-2011-1597 (GCVE-0-2011-1597)
Vulnerability from nvd – Published: 2020-02-05 23:55 – Updated: 2024-08-06 22:28
Summary
OpenVAS Manager v2.0.3 allows plugin remote code execution.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:42.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Manager",
"vendor": "OpenVAS",
"versions": [
{
"status": "affected",
"version": "v2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVAS Manager v2.0.3 allows plugin remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T23:55:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Manager",
"version": {
"version_data": [
{
"version_value": "v2.0.3"
}
]
}
}
]
},
"vendor_name": "OpenVAS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVAS Manager v2.0.3 allows plugin remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/04/20/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1597",
"datePublished": "2020-02-05T23:55:32.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:42.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9220 (GCVE-0-2014-9220)
Vulnerability from nvd – Published: 2014-12-03 01:00 – Updated: 2024-08-06 13:40
Summary
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory, x_refsource_SUSE |
| http://openwall.com/lists/oss-security/2014/11/30/2 | mailing-list, x_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://www.openvas.org/OVSA20141128.html | x_refsource_CONFIRM |
| https://www.alienvault.com/forums/discussion/4415/ | x_refsource_CONFIRM |
Date Public
2014-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:0247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-01T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:0247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"name": "http://www.openvas.org/OVSA20141128.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"name": "https://www.alienvault.com/forums/discussion/4415/",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9220",
"datePublished": "2014-12-03T01:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6765 (GCVE-0-2013-6765)
Vulnerability from nvd – Published: 2014-05-19 14:00 – Updated: 2024-08-06 17:46
Summary
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lists.wald.intevation.org/pipermail/openva… | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/11/10/2 | mailing-list, x_refsource_MLIST |
| http://www.openvas.org/OVSA20131108.html | x_refsource_CONFIRM |
Date Public
2013-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20131108.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20131108.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"refsource": "MLIST",
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"name": "http://www.openvas.org/OVSA20131108.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20131108.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6765",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2013-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5520 (GCVE-0-2012-5520)
Vulnerability from nvd – Published: 2012-11-26 11:00 – Updated: 2024-08-06 21:05
Summary
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2012/11/13/9 | mailing-list, x_refsource_MLIST |
| http://openwall.com/lists/oss-security/2012/11/14/5 | mailing-list, x_refsource_MLIST |
| http://www.openvas.org/OVSA20121112.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/49128 | third-party-advisory, x_refsource_SECUNIA |
| http://wald.intevation.org/scm/viewvc.php?view=re… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/56497 | vdb-entry, x_refsource_BID |
| http://openwall.com/lists/oss-security/2012/11/14/11 | mailing-list, x_refsource_MLIST |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2012/11/13/12 | mailing-list, x_refsource_MLIST |
Date Public
2012-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"name": "http://www.openvas.org/OVSA20121112.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49128"
},
{
"name": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437",
"refsource": "CONFIRM",
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5520",
"datePublished": "2012-11-26T11:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0018 (GCVE-0-2011-0018)
Vulnerability from nvd – Published: 2011-01-28 15:00 – Updated: 2024-08-06 21:36
Summary
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/515971/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/43037 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/45987 | vdb-entry, x_refsource_BID |
| http://www.openvas.org/OVSA20110118.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2011/0208 | vdb-entry, x_refsource_VUPEN |
| http://osvdb.org/70639 | vdb-entry, x_refsource_OSVDB |
| http://www.exploit-db.com/exploits/16086 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45987"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45987"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45987"
},
{
"name": "http://www.openvas.org/OVSA20110118.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"refsource": "OSVDB",
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0018",
"datePublished": "2011-01-28T15:00:00.000Z",
"dateReserved": "2010-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:02.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1597 (GCVE-0-2011-1597)
Vulnerability from cvelistv5 – Published: 2020-02-05 23:55 – Updated: 2024-08-06 22:28
Summary
OpenVAS Manager v2.0.3 allows plugin remote code execution.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:42.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Manager",
"vendor": "OpenVAS",
"versions": [
{
"status": "affected",
"version": "v2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenVAS Manager v2.0.3 allows plugin remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T23:55:32.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Manager",
"version": {
"version_data": [
{
"version_value": "v2.0.3"
}
]
}
}
]
},
"vendor_name": "OpenVAS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVAS Manager v2.0.3 allows plugin remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/04/20/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/04/20/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1597",
"datePublished": "2020-02-05T23:55:32.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:42.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9220 (GCVE-0-2014-9220)
Vulnerability from cvelistv5 – Published: 2014-12-03 01:00 – Updated: 2024-08-06 13:40
Summary
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory, x_refsource_SUSE |
| http://openwall.com/lists/oss-security/2014/11/30/2 | mailing-list, x_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://www.openvas.org/OVSA20141128.html | x_refsource_CONFIRM |
| https://www.alienvault.com/forums/discussion/4415/ | x_refsource_CONFIRM |
Date Public
2014-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:0247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-01T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:0247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00039.html"
},
{
"name": "[oss-security] 20141201 CVE request: OpenVAS Manager SQL injection (OVSA20141128)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/30/2"
},
{
"name": "FEDORA-2014-17049",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147753.html"
},
{
"name": "http://www.openvas.org/OVSA20141128.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20141128.html"
},
{
"name": "https://www.alienvault.com/forums/discussion/4415/",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/4415/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9220",
"datePublished": "2014-12-03T01:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6765 (GCVE-0-2013-6765)
Vulnerability from cvelistv5 – Published: 2014-05-19 14:00 – Updated: 2024-08-06 17:46
Summary
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lists.wald.intevation.org/pipermail/openva… | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/11/10/2 | mailing-list, x_refsource_MLIST |
| http://www.openvas.org/OVSA20131108.html | x_refsource_CONFIRM |
Date Public
2013-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20131108.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-19T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20131108.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Openvas-announce] 20131108 Security Releases for OpenVAS-5 and OpenVAS-6",
"refsource": "MLIST",
"url": "http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html"
},
{
"name": "[oss-security] 20131110 CVE-2013-6765 CVE-2013-6766 for OpenVAS 4.0.4/1.3.2/etc.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/10/2"
},
{
"name": "http://www.openvas.org/OVSA20131108.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20131108.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6765",
"datePublished": "2014-05-19T14:00:00.000Z",
"dateReserved": "2013-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5520 (GCVE-0-2012-5520)
Vulnerability from cvelistv5 – Published: 2012-11-26 11:00 – Updated: 2024-08-06 21:05
Summary
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2012/11/13/9 | mailing-list, x_refsource_MLIST |
| http://openwall.com/lists/oss-security/2012/11/14/5 | mailing-list, x_refsource_MLIST |
| http://www.openvas.org/OVSA20121112.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/49128 | third-party-advisory, x_refsource_SECUNIA |
| http://wald.intevation.org/scm/viewvc.php?view=re… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/56497 | vdb-entry, x_refsource_BID |
| http://openwall.com/lists/oss-security/2012/11/14/11 | mailing-list, x_refsource_MLIST |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2012/11/13/12 | mailing-list, x_refsource_MLIST |
Date Public
2012-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0059.html"
},
{
"name": "20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0047.html"
},
{
"name": "[oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/13/9"
},
{
"name": "[oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/14/5"
},
{
"name": "http://www.openvas.org/OVSA20121112.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20121112.html"
},
{
"name": "49128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49128"
},
{
"name": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437",
"refsource": "CONFIRM",
"url": "http://wald.intevation.org/scm/viewvc.php?view=rev\u0026root=openvas\u0026revision=14437"
},
{
"name": "56497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56497"
},
{
"name": "[oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/14/11"
},
{
"name": "20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0055.html"
},
{
"name": "[oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/13/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5520",
"datePublished": "2012-11-26T11:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0018 (GCVE-0-2011-0018)
Vulnerability from cvelistv5 – Published: 2011-01-28 15:00 – Updated: 2024-08-06 21:36
Summary
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/515971/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/43037 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/45987 | vdb-entry, x_refsource_BID |
| http://www.openvas.org/OVSA20110118.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2011/0208 | vdb-entry, x_refsource_VUPEN |
| http://osvdb.org/70639 | vdb-entry, x_refsource_OSVDB |
| http://www.exploit-db.com/exploits/16086 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2011-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45987"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45987"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515971/100/0/threaded"
},
{
"name": "43037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43037"
},
{
"name": "45987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45987"
},
{
"name": "http://www.openvas.org/OVSA20110118.html",
"refsource": "CONFIRM",
"url": "http://www.openvas.org/OVSA20110118.html"
},
{
"name": "ADV-2011-0208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0208"
},
{
"name": "70639",
"refsource": "OSVDB",
"url": "http://osvdb.org/70639"
},
{
"name": "16086",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16086"
},
{
"name": "openvas-email-command-execution(65011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0018",
"datePublished": "2011-01-28T15:00:00.000Z",
"dateReserved": "2010-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:02.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}