exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2018-19276

Status Candidate

Overview

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.

Related Files

OpenMRS Java Deserialization Remote Code Execution
Posted Dec 17, 2019
Authored by Nicolas Serra, Shelby Pace, mpgn | Site metasploit.com

OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the webservices.rest module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as /ws/rest/v1/concept. This Metasploit module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform v2.1.2 and v2.21 with Java 8 and Java 9.

tags | exploit, java, remote, code execution
advisories | CVE-2018-19276
SHA-256 | 6f1e855ade450fdc21c2afb884ec83e11fd67f1b304b45c6db40c7d5cf974dc7
Download | Favorite | View
OpenMRS Platform Insecure Object Deserialization
Posted Feb 6, 2019
Authored by Bishop Fox

OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.

tags | exploit
advisories | CVE-2018-19276
SHA-256 | 9bf1c1fe0961989653634a152fe1a2263d4a1488abc16bf63c5f68b95b248603
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close