Full title: AlienVault OSSIM av-centerd Command Injection Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.

# 0day.today @ http://0day.today/