Vulnerabilities > Alienvault > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-03-22 CVE-2017-6972 Improper Check for Dropped Privileges vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
network
low complexity
alienvault nfsen CWE-273
critical
10.0
2017-03-22 CVE-2017-6971 Injection vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
network
low complexity
alienvault nfsen CWE-74
critical
9.0
2015-05-01 CVE-2015-3446 Code Injection vulnerability in Alienvault Unified Security Management 4.14
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
network
alienvault CWE-94
critical
9.3
2014-08-21 CVE-2014-5210 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
network
low complexity
alienvault CWE-94
critical
10.0
2014-08-21 CVE-2014-5158 Code Injection vulnerability in Alienvault Open Source Security Information Management
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
alienvault CWE-94
critical
10.0
2014-06-18 CVE-2014-4152 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
network
low complexity
alienvault CWE-94
critical
10.0
2014-06-18 CVE-2014-4151 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
network
low complexity
alienvault CWE-94
critical
10.0
2014-06-13 CVE-2014-3805 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
network
low complexity
alienvault CWE-94
critical
10.0
2014-06-13 CVE-2014-3804 Code Injection vulnerability in Alienvault Open Source Security Information Management
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
network
low complexity
alienvault CWE-94
critical
10.0