138 matches found
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...
CVE-2014-3805
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...
CVE-2014-3805
CVE-2014-3805 affects AlienVault OSSIM (av-centerd SOAP service) prior to 4.7.0. The vulnerability is a command-injection flaw in the Util.pm get_license path (and related get_log_line/update_system/upgrade_pro_web flows) caused by unsanitized user input, allowing remote unauthenticated execution...
AlienVault OSSIM av-centerd Util.pm get_file Information Disclosure Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies within the improper handling of a...
AlienVault OSSIM av-centerd Util.pm set_file Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of setfile requests...
AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the remotetask request...
AlienVault OSSIM av-centerd Util.pm framework_ip Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setossimsetup...
AlienVault OSSIM av-centerd Util.pm update_system/upgrade_pro_web Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the...
AlienVault OSSIM av-centerd Util.pm update_system_info_debian_package Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the...
AlienVault OSSIM av-centerd Util.pm sync_rserver Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the syncrserver reques...
AlienVault OSSIM av-centerd Util.pm ossec_task Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of ossectask requests due...
AlienVault OSSIM av-centerd Util.pm get_log_line Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the getlogline request...
AlienVault OSSIM av-centerd Util.pm admin_ip Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setossimsetup...
AlienVault OSSIM av-centerd Util.pm set_file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the setfile requests d...
AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Ossim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the getlicense request...
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload (CVE-2013-3215)
A remote code execution vulnerability has been reported in VTiger CRM.The vulnerability is due to lack of validation of file types uploaded to the server throught the AddEmailAttachment SOAP service. A remote attacker can exploit this vulnerability to access the script remotely and have it run th...
CVE-2013-4835
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...
Authentication flaw
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...
CVE-2013-4835
The vulnerability CVE-2013-4835 affects HP SiteScope’s APISiteScopeImpl SOAP service. In HP SiteScope versions 10.1x and 11.x (before 11.22), the issueSiebelCmd method allows remote attackers to bypass authentication and execute arbitrary code via a direct request. This is a remote code execution...
CVE-2013-4835
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765...