Skip to main content
CVE-2014-5210 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
17.0%
Threat
4.0
CVE-2014-5383 MEDIUM POC THREAT This Month

SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.9%.

SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
28.9%
CVE-2014-5158 CRITICAL Act Now

The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
5.5%
CVE-2014-3577 MEDIUM POC PATCH This Month

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Apache Httpclient Httpasyncclient
NVD
CVSS 2.0
5.8
EPSS
1.4%
CVE-2014-5385 MEDIUM POC This Month

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Shopizer
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-5159 HIGH This Week

SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Open Source Security Information Management
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5384 MEDIUM This Month

The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Freebsd Netbsd
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3951 MEDIUM This Month

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Freebsd Netbsd
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3562 MEDIUM This Month

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure 389 Directory Server Directory Server Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy