Vulnerabilities > Alienvault > Open Source Security Information Management > 2.1.5.2

DATE CVE VULNERABILITY TITLE RISK
2014-06-18 CVE-2014-4151 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2014-06-13 CVE-2014-3805 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2014-06-13 CVE-2014-3804 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2013-10-09 CVE-2013-5967 SQL Injection vulnerability in Alienvault Open Source Security Information Management
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
network
low complexity
alienvault CWE-89
7.5
7.5
2013-08-15 CVE-2013-5300 Cross-Site Scripting vulnerability in Alienvault Open Source Security Information Management
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
network
alienvault CWE-79
4.3
4.3
2009-12-21 CVE-2009-4375 SQL Injection vulnerability in Alienvault Open Source Security Information Management
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
network
low complexity
alienvault CWE-89
7.5
7.5
2009-12-21 CVE-2009-4373 File-Upload vulnerability in Open Source Security Information Management
Unrestricted file upload vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in ossiminstall/uploads/.
network
low complexity
alienvault
7.5
7.5
2009-12-21 CVE-2009-4372 Improper Input Validation vulnerability in Alienvault Open Source Security Information Management
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
network
low complexity
alienvault CWE-20
7.5
7.5