Showing 1 - 7 of 7

Files from Michael Wedl

First Active	2023-05-05
Last Active	2023-05-05

Jedox 2022.4.2 Database Credential Disclosure: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function.; tags | exploit, remote, php, info disclosure; advisories | CVE-2022-47880; SHA-256 | 0d65954fe57317294bfe2c400f3db4b3623426f3c49974de9f8966129d23c3cd; Download | Favorite | View

Jedox 2020.2.5 Database Credential Disclosure: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2020.2.5 suffers from having improper access controls in /tc/rpc that allows remote authenticated users to view details of database connections via the class com.jedox.etl.mngr.Connections and the method getGlobalConnection.; tags | exploit, remote, info disclosure; advisories | CVE-2022-47874; SHA-256 | 4978dc2461b1d119aeb99611968991dd695fb91ff2de8614aa5259189ffcb604; Download | Favorite | View

Jedox 2020.2.5 Groovy-Scripts Remote Code Execution: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; The Jedox Integrator in Jedox version 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.; tags | exploit, remote, arbitrary; advisories | CVE-2022-47876; SHA-256 | 8065e4e78250d240608b08aca1a8685e42ececaa25eca5af679674be330ecc23; Download | Favorite | View

Jedox 2020.2.5 Configurable Storage Path Remote Code Execution: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2020.2.5 suffers from a remote code execution vulnerability via the configurable storage path.; tags | exploit, remote, code execution; advisories | CVE-2022-47878; SHA-256 | 1f5b7d73b66de8f365d23ecb454074cbd33059b441e26b4c3d83bd8016ebe4dc; Download | Favorite | View

Jedox 2020.2.5 Cross Site Scripting: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2020.2.5 has a persistent cross site scripting vulnerability that allows remote authenticated users to inject arbitrary web scripts or HTML in the logs page via the log module.; tags | exploit, remote, web, arbitrary, xss; advisories | CVE-2022-47877; SHA-256 | 5164b7a5306b238573d253d40ef2fa647e9a36ad1421e0ef98c89b532a85fe01; Download | Favorite | View

Jedox 2022.4.2 Directory Traversal / Remote Code Execution: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2022.4.2 has a directory traversal vulnerability in /be/erpc.php allows remote authenticated users to execute arbitrary code.; tags | exploit, remote, arbitrary, php, file inclusion; advisories | CVE-2022-47875; SHA-256 | c9cad2fb718763533c5af806ca3b6ce9f045e040593ca5a0ad42e98f36535634; Download | Favorite | View

Jedox 2022.4.2 RPC Interface Remote Code Execution: Posted May 5, 2023; Authored by Christoph Mahrl, Patrick Pirker, Michael Wedl, Aron Molnar; Jedox version 2022.4.2 has a vulnerability in /be/rpc.php and /be/erpc.php that allows remote authenticated users to load arbitrary PHP classes from the rtn directory and to execute its methods.; tags | exploit, remote, arbitrary, php; advisories | CVE-2022-47879; SHA-256 | ccf211f35f6efc1e74056a425e818939d4b997eb3c43d2de782f50e9ba9d5712; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days