Vulnerabilities > Alienvault > Open Source Security Information Management > 4.3

DATE CVE VULNERABILITY TITLE RISK
2014-06-18 CVE-2014-4151 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2014-06-13 CVE-2014-3805 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2014-06-13 CVE-2014-3804 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
network
low complexity
alienvault CWE-94
critical
 10.0
10
2013-10-09 CVE-2013-5967 SQL Injection vulnerability in Alienvault Open Source Security Information Management
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
network
low complexity
alienvault CWE-89
7.5
7.5