Lucene search
+L

138 matches found

checkpoint_advisories
checkpoint_advisories
added 2014/08/03 12:0 a.m.51 views

AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution - ver 2 (CVE-2014-3804)

Multiple command execution vulnerabilities exist in AlienVault OSSIM. The vulnerabilities are due to failure to safely sanitize user data while handling av-centerd SOAP service requests. A remote unauthenticated attacker can exploit these vulnerabilities by sending crafted requests to affected...

3.1AI score0.72376EPSS
Exploits9
zdi
zdi
added 2014/08/01 12:0 a.m.35 views

AlienVault OSSIM av-centerd Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the requests due to a...

10CVSS7AI score0.0368EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2014/07/20 12:0 a.m.51 views

AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...

10CVSS4AI score0.13072EPSS
Exploits7
nessus
nessus
added 2014/06/25 12:0 a.m.52 views

AlienVault OSSIM 'av-centerd' set_file() Remote Code Execution

The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by a remote code execution vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'setfile' method. A remote, unauthenticated attacker can...

10CVSS6.2AI score0.07321EPSS
Exploits0References3
nessus
nessus
added 2014/06/25 12:0 a.m.22 views

AlienVault OSSIM 'av-centerd' get_file() Information Disclosure

The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by an information disclosure vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'getfile' method. A remote, unauthenticated attacker can...

7.8CVSS5.9AI score0.07385EPSS
Exploits2References3
nessus
nessus
added 2014/06/23 12:0 a.m.51 views

AlienVault OSSIM 'av-centerd' Remote Code Execution

The remote host is running a version of AlienVault Open Source Security Information Management OSSIM that is affected by a remote code execution vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'getlogline' method. A remote, unauthenticated attacker ca...

10CVSS6.2AI score0.13072EPSS
Exploits7References3
nvd
nvd
added 2014/06/18 7:55 p.m.15 views

CVE-2014-4151

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...

10CVSS7.5AI score0.07321EPSS
Exploits0References3
nvd
nvd
added 2014/06/18 7:55 p.m.18 views

CVE-2014-4153

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...

7.8CVSS6.6AI score0.07385EPSS
Exploits2References3
nvd
nvd
added 2014/06/18 7:55 p.m.14 views

CVE-2014-4152

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remotetask request, related to injecting an ssh public key...

10CVSS7.6AI score0.05785EPSS
Exploits0References3
prion
prion
added 2014/06/18 7:55 p.m.17 views

Cross site request forgery (csrf)

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...

10CVSS8.1AI score0.07321EPSS
Exploits0References3Affected Software1
prion
prion
added 2014/06/18 7:55 p.m.23 views

Cross site request forgery (csrf)

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...

7.8CVSS7.1AI score0.07385EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2014/06/18 7:0 p.m.24 views

CVE-2014-4151

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...

7.5AI score0.07321EPSS
Exploits0References3
cve
cve
added 2014/06/18 7:0 p.m.42 views

CVE-2014-4151

CVE-2014-4151 affects AlienVault OSSIM prior to 4.8.0. The av-centerd SOAP service is vulnerable to a set_file handling flaw that allows a remote, unauthenticated attacker to write arbitrary files and execute arbitrary code with root privileges. The issue stems from inadequate input sanitization ...

10CVSS7.7AI score0.07321EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2014/06/18 7:0 p.m.19 views

CVE-2014-4152

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remotetask request, related to injecting an ssh public key...

7.6AI score0.05785EPSS
Exploits0References3
cve
cve
added 2014/06/18 7:0 p.m.56 views

CVE-2014-4153

CVE-2014-4153 affects AlienVault OSSIM

7.8CVSS6.8AI score0.07385EPSS
Exploits2References3Affected Software1
cve
cve
added 2014/06/18 7:0 p.m.51 views

CVE-2014-4152

The issue affects AlienVault OSSIM’s av-centerd SOAP service. Before 4.8.0, handling of remote_task requests allows remote code execution via crafted input, related to injecting an SSH public key. The vulnerability can be exploited without authentication and could grant root privileges on vulnera...

10CVSS7.8AI score0.05785EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2014/06/13 2:55 p.m.12 views

CVE-2014-3804

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...

10CVSS7.2AI score0.72376EPSS
Exploits9References7
nvd
nvd
added 2014/06/13 2:55 p.m.28 views

CVE-2014-3805

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...

10CVSS7.2AI score0.13072EPSS
Exploits7References5
prion
prion
added 2014/06/13 2:55 p.m.10 views

Cross site request forgery (csrf)

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 getlicense, 2 getlogline, or 3 updatesystem/upgradeproweb request, a different vulnerability than CVE-2014-3804...

10CVSS7.6AI score0.72376EPSS
Exploits16References5Affected Software1
cve
cve
added 2014/06/13 2:0 p.m.57 views

CVE-2014-3804

CVE-2014-3804 affects AlienVault OSSIM’s av-centerd SOAP service (before 4.7.0). It enables remote command execution via crafted av-centerd SOAP requests (e.g., sync_rserver, update_system_info_debian_package, ossec_task, set_ossim_setup admin_ip, set_ossim_setup framework_ip). Public references ...

10CVSS7.3AI score0.72376EPSS
Exploits9References7Affected Software1
Rows per page
Query Builder