Lucene search
+L

138 matches found

Cvelist
Cvelist
added 2014/06/13 2:0 p.m.33 views

CVE-2014-3804

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...

7.2AI score0.72376EPSS
Exploits9References7
Cvelist
Cvelist
added 2014/06/13 2:0 p.m.32 views

CVE-2014-3805

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...

7.2AI score0.13072EPSS
Exploits7References5
CVE
CVE
added 2014/06/13 2:0 p.m.58 views

CVE-2014-3805

CVE-2014-3805 affects AlienVault OSSIM (av-centerd SOAP service) prior to 4.7.0. The vulnerability is a command-injection flaw in the Util.pm get_license path (and related get_log_line/update_system/upgrade_pro_web flows) caused by unsanitized user input, allowing remote unauthenticated execution...

10CVSS7.3AI score0.13072EPSS
Exploits7References5Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2014/06/13 12:0 a.m.30 views

AlienVault OSSIM av-centerd Util.pm get_file Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies within the improper handling of a...

7.8CVSS5.8AI score0.07385EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/13 12:0 a.m.26 views

AlienVault OSSIM av-centerd Util.pm set_file Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of setfile requests...

10CVSS7.1AI score0.07321EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/13 12:0 a.m.31 views

AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the remotetask request...

10CVSS7.1AI score0.05785EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.17 views

AlienVault OSSIM av-centerd Util.pm framework_ip Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setossimsetup...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.30 views

AlienVault OSSIM av-centerd Util.pm update_system/upgrade_pro_web Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the...

10CVSS6.9AI score0.13072EPSS
Exploits7References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.16 views

AlienVault OSSIM av-centerd Util.pm update_system_info_debian_package Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.30 views

AlienVault OSSIM av-centerd Util.pm sync_rserver Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the syncrserver reques...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.27 views

AlienVault OSSIM av-centerd Util.pm ossec_task Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of ossectask requests due...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.31 views

AlienVault OSSIM av-centerd Util.pm get_log_line Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the getlogline request...

10CVSS6.9AI score0.13072EPSS
Exploits7References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.19 views

AlienVault OSSIM av-centerd Util.pm admin_ip Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setossimsetup...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.27 views

AlienVault OSSIM av-centerd Util.pm set_file Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setfile requests d...

10CVSS6.9AI score0.72376EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.19 views

AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the getlicense request...

10CVSS6.9AI score0.13072EPSS
Exploits7References1
Check Point Advisories
Check Point Advisories
added 2014/02/17 12:0 a.m.50 views

vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload (CVE-2013-3215)

A remote code execution vulnerability has been reported in VTiger CRM.The vulnerability is due to lack of validation of file types uploaded to the server throught the AddEmailAttachment SOAP service. A remote attacker can exploit this vulnerability to access the script remotely and have it run th...

2.4AI score0.68849EPSS
Exploits8
NVD
NVD
added 2013/11/04 4:55 p.m.39 views

CVE-2013-4835

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...

7.5CVSS7.7AI score0.71003EPSS
Exploits5References3
Prion
Prion
added 2013/11/04 4:55 p.m.18 views

Authentication flaw

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...

7.5CVSS8.2AI score0.71003EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2013/11/04 3:0 p.m.153 views

CVE-2013-4835

The vulnerability CVE-2013-4835 affects HP SiteScope’s APISiteScopeImpl SOAP service. In HP SiteScope versions 10.1x and 11.x (before 11.22), the issueSiebelCmd method allows remote attackers to bypass authentication and execute arbitrary code via a direct request. This is a remote code execution...

7.5CVSS7.7AI score0.71003EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2013/11/04 3:0 p.m.43 views

CVE-2013-4835

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...

7.7AI score0.71003EPSS
Exploits5References3
Rows per page
Query Builder