CVE-2014-3804

Related Files

Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution

Posted Sep 15, 2017

Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.

tags | exploit, arbitrary, root

advisories | CVE-2014-3804

SHA-256 | c5d3cc878780fde621fb0eaa9cf72d1a173e80bb8af8c96151703f11d0f99f4d

Download | Favorite | View

AlienVault OSSIM av-centerd Command Injection

Posted Jun 19, 2014

Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.

tags | exploit, web, perl, code execution

advisories | CVE-2014-3804

SHA-256 | f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8

Download | Favorite | View