NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection

NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...

Format string

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter aka the "Custom output format" field...