138 matches found
AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution - ver 2 (CVE-2014-3804)
Multiple command execution vulnerabilities exist in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to affected...
AlienVault OSSIM av-centerd Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the requests due to a...
AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)
An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...
AlienVault OSSIM 'av-centerd' set_file() Remote Code Execution
The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by a remote code execution vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'setfile' method. A remote, unauthenticated attacker can...
AlienVault OSSIM 'av-centerd' get_file() Information Disclosure
The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by an information disclosure vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'getfile' method. A remote, unauthenticated attacker can...
AlienVault OSSIM 'av-centerd' Remote Code Execution
The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by a remote code execution vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'getlogline' method. A remote, unauthenticated attacker ca...
CVE-2014-4151
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...
CVE-2014-4153
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...
CVE-2014-4152
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remotetask request, related to injecting an ssh public key...
Cross site request forgery (csrf)
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...
Cross site request forgery (csrf)
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...
CVE-2014-4151
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...
CVE-2014-4151
CVE-2014-4151 affects AlienVault OSSIM prior to 4.8.0. The av-centerd SOAP service is vulnerable to a set_file handling flaw that allows a remote, unauthenticated attacker to write arbitrary files and execute arbitrary code with root privileges. The issue stems from inadequate input sanitization ...
CVE-2014-4152
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remotetask request, related to injecting an ssh public key...
CVE-2014-4153
CVE-2014-4153 affects AlienVault OSSIM
CVE-2014-4152
The issue affects AlienVault OSSIM’s av-centerd SOAP service. Before 4.8.0, handling of remote_task requests allows remote code execution via crafted input, related to injecting an SSH public key. The vulnerability can be exploited without authentication and could grant root privileges on vulnera...
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...
CVE-2014-3805
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...
Cross site request forgery (csrf)
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...
CVE-2014-3804
CVE-2014-3804 affects AlienVault OSSIM’s av-centerd SOAP service (before 4.7.0). It enables remote command execution via crafted av-centerd SOAP requests (e.g., sync_rserver, update_system_info_debian_package, ossec_task, set_ossim_setup admin_ip, set_ossim_setup framework_ip). Public references ...