what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files

OSSIM 2.2.1 Cross Site Request Forgery
Posted Apr 1, 2010
Authored by CONIX Security | Site conix.fr

OSSIM version 2.2.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 8fac8d4b7839a6b7c8bdedf4bc5d68cf571a9262e16b08e365fc2a9c41cdf510

Related Files

NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfnt Command Injection
Posted Jul 11, 2017
Authored by Paul Taylor

NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.

tags | exploit
advisories | CVE-2017-6972
SHA-256 | 6b2e5703fd89723e64a82ec4b72ba979239fa1d8e95511ce4df0a2e31d8f0b19
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Posted Jul 10, 2017
Authored by Paul Taylor

NfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2017-6971
SHA-256 | 95d2698b9bc2ea6a348d98c0e7be5759acfc23cd3feb8a3ccd45bbe1ab8f1470
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.6 Local Root
Posted Jul 10, 2017
Authored by Paul Taylor

NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-6970
SHA-256 | a8b33f56ffd726c88dbc984a9d7a8588f36a32cd8aedb73c518ecc1dead228c9
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
Posted Apr 14, 2017
Authored by temp66, Peter Lapp | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

tags | exploit, root
SHA-256 | d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945
Alienvault OSSIM / USM 5.3.0 Authentication Bypass
Posted Mar 7, 2017
Authored by Peter Lapp

Alienvault OSSIM / USM versions 5.3.0 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-7955
SHA-256 | ccc7d25b13cf43b235374996a93e7e29606307a1b963ca5677daa1e44f30002d
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
SHA-256 | ac4cd7158b0ae42d40bce75202d5221b0347a49712ff529804a31fe058562cf0
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a php object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
SHA-256 | 15c73504476ef61ce3f78973018cb8b2513108fb8a4f815dca1ef6a0da27f672
Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8581
SHA-256 | 373697a8bc5814e72590ca5c5ffda41e105c91a84d2e74b0d4e25fb2659889b6
Alienvault OSSIM/USM 5.3.1 SQL Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-8582
SHA-256 | 30fc087a9e2c28203acf4fa8bf0c93d8dbf91426b95c05cb6c56d71080f5ecdc
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8583
SHA-256 | 67edb0c1f8dc320c504c4dc2955487eacc3b39dcbb0d2dd72fa7e4322b63bd3e
AlienVault USM/OSSIM 5.2 Cross Site Scripting
Posted Aug 24, 2016
Authored by Julien Ahrens | Site rcesecurity.com

AlienVault USM/OSSIM version 5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-6913
SHA-256 | 52d6e5998255d0e9741227d3f9f592c61f60e95789c4df2d2c3f1ba5af0dbda1
AlienVault OSSIM 4.3 Cross Site Request Forgery
Posted Oct 22, 2015
Authored by MohammadReza Mohajerani

AlienVault OSSIM version 4.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 070be2bd3bbec9a09484c82f4dfab63895888bf9f5181660c7a06235ad2250d5
Alienvault OSSIM/USM 4.x / 5.0 XSS / SQL Injection / Command Execution
Posted May 6, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14, 4.15, and 5.0 suffer from cross site scripting, remote command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 05fedd0172a711f1b3ebccf206431da754dbc59c1c66baabdd88b6a813ba1830
Alienvault OSSIM/USM 4.14.X Command Execution
Posted Jan 16, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.

tags | exploit, remote, proof of concept
SHA-256 | a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950
AlienVault OSSIM SQL Injection / Code Execution
Posted May 2, 2014
Authored by Sasha Zivojinovic | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by creating a high priority policy with an action containing our payload.

tags | exploit, remote, code execution, sql injection
SHA-256 | b58a85510e5daac3f9d9b649fd1dbf074e6a06ca09a0eb2b485f9cc59e6e2bdd
AlienVault OSSIM 4.3 SQL Injection
Posted Feb 7, 2014
Authored by A. Smith

AlienVault OSSIM version 4.3 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 5ca78d190ca63e9f10a2d9625f09ad36148d75d7be25be8d9db671624b862a1d
Alienvault OSSIM Cross Site Scripting
Posted Jul 25, 2013
Authored by xistence

Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b97b24ad187260fb2d369e36bc782d9527bb13c5629ef33949027b13a42c4a22
Alienvault OSSIM SIEM 4.1 SQL Injection
Posted Jun 21, 2013
Authored by Glafkos Charalambous

Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776
AlienVault OSSIM 4.1.2 SQL Injection
Posted May 8, 2013
Authored by RunRunLevel

AlienVault OSSIM versions 4.1.2 and below suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | edf35d0b9315cc82230669af31e17a817456a6ac0929e244282a0af64f6ac336
Secunia Security Advisory 50865
Posted Oct 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ibrahim M. El-Sayed has reported some vulnerabilities in OSSIM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 441cc0588db4e3e28728d30db8fed8ef8cc78fff52f613c94a7a398326ffaa2a
Secunia Security Advisory 49005
Posted May 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Schurtz has discovered two vulnerabilities in OSSIM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | aa92c7fd1514c0da05535bee16e3230770c65f4434b7c870cd8800a130d0fecb
Secunia Security Advisory 39141
Posted Apr 1, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - CONIX Security has discovered some vulnerabilities in OSSIM, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

tags | advisory, spoof, vulnerability, xss
SHA-256 | 6e02fcf3d4f9ce7f171f0771d98da8a44352b03be77cae50bbe2699ac2d01eff
OSSIM 2.2.1 Cross Site Scripting
Posted Apr 1, 2010
Authored by CONIX Security | Site conix.fr

OSSIM version 2.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6e4c14c8aec37791b959d328a1ff9ea0a8783eb80875f32046ccca8bb2a4c4ef
Secunia Security Advisory 38969
Posted Mar 18, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in OSSIM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 3b43a51582c2b6372f517f39da109443c5db488348fb316894ce396467489aad
OSSIM 2.2 Remote Command Execution
Posted Mar 16, 2010
Authored by Nahuel Grisolia | Site cybsec.com

CYBSEC Security Advisory - OSSIM version 2.2 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | fa7bc7dccfc1eea54e33881d98d9b73763826b24c23c03bff189b25b91634c35
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close