[FD] CVE-2016-8580 - Alienvault OSSIM/USM Object Injection Vulnerability

2016-11-01 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: PHP Object Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8580
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=
A PHP object injection vulnerability exists in multi

[FD] CVE-2016-8581 - Alienvault OSSIM/USM Stored XSS Vulnerability

2016-11-01 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: Stored XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8581
CVSS: 3.5
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=
A stored XSS vulnerability exists in the User-Ag

[FD] CVE-2016-8582 - Alienvault OSSIM/USM SQL Injection Vulnerability

2016-11-01 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: SQL Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8582
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=
A SQL injection vulnerability exists in the value parame

[FD] CVE-2016-8583 - Alienvault OSSIM/USM Reflected XSS

2016-11-01 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8583
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=
Multiple GET parameters in the vulnerability scan schedu

Re: [FD] Alienvault OSSIM/USM Multiple Vulnerabilities

2015-05-08 Thread Peter Lapp
Shortly after I posted this I received an email from Alienvault stating that a fix is imminent and is planned to be released next week in version 5.0.2. Thanks to AV for getting back to me on this.

On Tue, May 5, 2015 at 9:21 PM, Peter Lapp lapp...@gmail.com wrote:
> Details
> ===
> Product

[FD] Alienvault OSSIM/USM Multiple Vulnerabilities

2015-05-06 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: Multiple Vulnerabilities (XSS, SQLi, Command Execution)
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well.
Fixed Version: No fix

[FD] F5 ASM JSON Profile Bypass

2015-05-05 Thread Peter Lapp
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Web Application Firewall Bypass
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases.
Fixed Version: None

Summary

[FD] Alienvault OSSIM/USM Command Execution Vulnerability

2015-01-15 Thread Peter Lapp
Details
===
Product: Alienvault OSSIM/USM
Vulnerability: Command Execution
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: <=4.14.X
Fixed Version: 4.15.0

Summary
===
Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data

[FD] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager

2015-01-12 Thread Peter Lapp
Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6

Summary
===
The F5 ASM is a web

[FD] [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager

2015-01-12 Thread Peter Lapp
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.

Details
===
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lapp...@gmail.com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x