
Files

Apache OFBiz 13.07.02 / 13.07.01 Information Disclosure
Posted Apr 11, 2016
Authored by Jacques Leroux

Apache OFBiz versions 13.07.02 and 13.07.01 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-2170
MD5 | 7077ed36b6f93f67aad1bfdd06b20521

Related Files

Apache OFBiz SOAP Java Deserialization
Posted Apr 6, 2021
Authored by Spencer McIntyre, wvu, yumusb | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated SOAP endpoint /webtools/control/SOAPService for versions prior to 17.12.06.

tags | exploit, java
advisories | CVE-2021-26295
MD5 | 0c60a02f29914741889c08a1688d97ff
Apache OFBiz XML-RPC Java Deserialization
Posted Mar 12, 2021
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

tags | exploit, java
advisories | CVE-2020-9496
MD5 | ce10e20707a4fee8b630f43701401064
Apache OFBiz XML-RPC Java Deserialization
Posted Aug 17, 2020
Authored by Alvaro Munoz, wvu | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

tags | exploit, java
advisories | CVE-2020-9496
MD5 | 10edb9ed941935f4a87845caa769a7b6
Apache OFBiz 17.12.03 Cross Site Request Forgery
Posted May 1, 2020
Authored by Faiz Ahmed Zaidi

Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-0235
MD5 | 80b445977ce830e55d1eb3d7d0b82da7
Apache OFBiz 16.11.05 Cross Site Scripting
Posted Dec 12, 2018
Authored by DKM

Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2bdc946a9fe5817a2d11a5b13c07566f
Apache OFBiz 16.11.04 XML Injection
Posted Oct 24, 2018
Authored by Jamie Parfet

Apache OFBiz version 16.11.04 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | a88b221f2ca2e7c605f98af851140409
Apache OFBiz 13.07.02 / 13.07.01 Information Disclosure
Posted Apr 10, 2016
Authored by Jacques Leroux, Lilian Iatco

Apache OFBiz versions 13.07.02 and 13.07.01 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2015-3268
MD5 | ce98aab8feaffc66b54731631cfd90e3
Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting
Posted Aug 19, 2014
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-0232
MD5 | e86ea203e7399ec79cd7e2b631ad0c0f
Apache OFBiz Arbitrary UEL Function Execution
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a nested expression evaluation that allows remote users the ability to execute arbitrary UEL functions.

tags | advisory, remote, arbitrary
advisories | CVE-2013-2250
MD5 | e306469c57d326ef0890fcca84c3fea2
Apache OFBiz Cross Site Scripting
Posted Jul 20, 2013
Authored by Gregory Draperi | Site ofbiz.apache.org

Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2137
MD5 | 5cf12ccde0fa77ae77b0bec91202b324
Secunia Security Advisory 51812
Posted Jan 24, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 2aba36b1c57563c1381a426743332809
Apache OFBiz Cross Site Scripting
Posted Jan 20, 2013
Authored by Marcos Garcia, Juan Caillava

Apache OFBiz versions 10.04.05 and below and 11.04.01 and below suffer from a reflected cross site scripting vulnerability. Full exploitation details provided.

tags | exploit, xss
advisories | CVE-2013-0177
MD5 | 061d43f6b1f8df0846bc859235dda908
Apache OFBiz 11.04.01 / 10.04.04 Cross Site Scripting
Posted Jan 19, 2013
Authored by Marcos Garcia, Juan Caillava | Site ofbiz.apache.org

Apache OFBiz versions 11.04.01 and 10.04.04 suffer from reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0177
MD5 | d5e5f39a11b428d31ecd2b3c13204cf5
Secunia Security Advisory 51052
Posted Oct 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Apache OFBiz.

tags | advisory
MD5 | 1a9a347e7af497ee81d192428a0f9e9a
Apache OFBiz 10.04 Code Execution
Posted Apr 16, 2012
Authored by Jacopo Cappellato

Apache OFBiz versions 10.04 and later allow remote attackers to execute arbitrary code.

tags | advisory, remote, arbitrary
MD5 | 16893f0a3b640f92fec6e9f58fb63079
Secunia Security Advisory 48800
Posted Apr 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apache OFBiz, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | 828b89c382d569ec0fa6453c3b494b0a
CVE Checker 0.5
Posted Sep 3, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: The tool should now build properly on NetBSD and FreeBSD (although more user experience here is still welcome). This release introduces a cvereport command (example output can be found at the project site), and has lowered its initial dependency requirements. pullcves now only loads the CVE XML changes in the database, rather than iterating across all CVE XML entries.
tags | vulnerability
systems | unix
MD5 | d6c5e5538ebcc6e87a24a1ff70d38942
CVE Checker 0.4
Posted Aug 26, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This release includes internal project files reorganization (more to the liking of the GNU autoconf/automake standards), fixes a database leak bug, and introduces a slightly more intelligent pullcves command (with multiple return code behavior to improve automation efforts). All documentation has been updated, and a pullcves manual page has been added.
tags | vulnerability
systems | unix
MD5 | 83ec8494760832e1e391601aa0a612e7
CVE Checker 0.3
Posted Aug 21, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: Cleanups in the CSV output have been made, and a few sample reporting files have been added. This release fixes a few bugs in file matching support and adds --no-check-certificates to the wget command.
tags | vulnerability
systems | unix
MD5 | 1de655f957214c0c9da92df1fadce655
Apache CouchDB Cross Site Request Forgery
Posted Aug 17, 2010
Authored by Jan Lehnardt | Site couchdb.apache.org

Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.

tags | advisory, web, arbitrary, javascript, csrf
MD5 | 65d8869788216e6c830f5184962e2e09
CVE Checker 0.2
Posted Aug 17, 2010
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This release fixes ./configure to fail when sqlite3 or libconfig isn't present. It fixes make to support make install. It fixes compiler warnings on size_t usage.
tags | vulnerability
systems | unix
MD5 | 10d25a36b8ae26465de794551a8fd3c8
Apache Tomcat Remote Denial Of Service / Information Disclosure
Posted Jul 10, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from denial of service and information disclosure vulnerabilities. Versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
advisories | CVE-2010-2227
MD5 | c6c324200350deaf9fdba926a4f1be01
Apache Tomcat Information Disclosure
Posted Apr 23, 2010
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from an information disclosure vulnerability. Versions 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 are affected.

tags | advisory, info disclosure
advisories | CVE-2010-1157
MD5 | 51af7a60ff81be104c205365d3c31233
Apache OFBiz SQL Injection
Posted Apr 16, 2010
Authored by Lucas Apa

The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive has two JavaScript proofs of concept inside.

tags | exploit, arbitrary, javascript, xss, proof of concept
advisories | CVE-2010-0432
MD5 | 06499ea34599c1ecbb851d75f97b3f56
Apache OFBiz Cross Site Scripting
Posted Apr 16, 2010
Authored by Lucas Apa

Apache OFBiz suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2010-0432
MD5 | aacd7ee73aefbe119b19a345b93c1693