Vulnerabilities > Alienvault > Open Source Security Information Management > 4.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-18 | CVE-2014-4151 | Code Injection vulnerability in Alienvault Open Source Security Information Management The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | 10.0 |
2014-06-13 | CVE-2014-3805 | Code Injection vulnerability in Alienvault Open Source Security Information Management The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804. | 10.0 |
2014-06-13 | CVE-2014-3804 | Code Injection vulnerability in Alienvault Open Source Security Information Management The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805. | 10.0 |