Computer Security
[EN] securityvulns.ru no-pyccku


OpenVAS Manager code execution
Published:14.11.2012
Source:
SecurityVulns ID:12711
Type:remote
Threat Level:
5/10
Description:Unescaped shell characters on OMP request processing.
Affected:OPENVAS : OpenVAS Manager 3.0
 OPENVAS : OpenVAS Manager 4.0
CVE:CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.)
Original documentdocumentTim Brown, [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection (14.11.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod