7 matches found
CVE-2014-5210
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 remotetask or 2 getlicense request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805...
CVE-2014-4153
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...
Cross site request forgery (csrf)
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted setfile request...
CVE-2014-4153
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted getfile request...
CVE-2014-4151
CVE-2014-4151 affects AlienVault OSSIM prior to 4.8.0. The av-centerd SOAP service is vulnerable to a set_file handling flaw that allows a remote, unauthenticated attacker to write arbitrary files and execute arbitrary code with root privileges. The issue stems from inadequate input sanitization ...
Design/Logic Flaw
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...
CVE-2014-3804
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted 1 updatesysteminfodebianpackage, 2 ossectask, 3 setossimsetup adminip, 4 syncrserver, or 5 setossimsetup frameworkip request, a different vulnerability than CVE-2014-38...