14 matches found

Nuclei
added 2026/06/17 5:14 a.m., 48 views

Apache OFBiz <17.12.06 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. id: CVE-2021-26295 info: name: Apache OFBiz 17.12.06 - Arbitrary Code Execution author: madrobot severity: critical description: | Apache OFBiz...

9.8 CVSS, 8.8 AI score, 0.97969 EPSS
Exploits: 9, References: 6
GithubExploit
added 2021/05/13 1:28 p.m., 124 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

ofbiz-poc CVE-2020-9496 and CVE20209496 utilize dnslog for...

9.8 CVSS, 7.1 AI score, 0.98926 EPSS
Exploits: 23
Check Point Advisories
added 2021/04/28 12:0 a.m., 9 views

Apache OFBiz Insecure Deserialization (CVE-2021-26295)

An insecure deserialization vulnerability exists in Apache OFBiz. This vulnerability is due to Java serialization issues when processing requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request...

7.5 CVSS, 3.9 AI score, 0.97969 EPSS
Exploits: 9
Rapid7 Blog
added 2021/04/09 7:17 p.m., 128 views

Metasploit Wrap-Up

Spilling the Gitea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user’s ability to create Git hooks by authenticating with the web interface, creating a dummy...

10 CVSS, 0.3 AI score, 0.98376 EPSS
Exploits: 29
0day.today
added 2021/04/07 12:0 a.m., 168 views

Apache OFBiz SOAP Java Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...

9.8 CVSS, 9.6 AI score, 0.97969 EPSS
Exploits: 9
Packet Storm
added 2021/04/06 12:0 a.m., 559 views

Apache OFBiz SOAP Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...

7.5 CVSS, 0.3 AI score, 0.97969 EPSS
Exploits: 9
Metasploit
added 2021/04/05 5:42 p.m., 76 views

Apache OFBiz SOAP Java Deserialization

This module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated SOAP endpoint /webtools/control/SOAPService for versions prior to 17.12.06. Module Options msf use exploit/linux/http/apacheofbizdeserializationsoap msf exploitapacheofbizdeserializationsoap show targets...

9.8 CVSS, 9.5 AI score, 0.97969 EPSS
Exploits: 9
Tenable Nessus
added 2021/03/30 12:0 a.m., 56 views

Apache OFBiz Remote Code Execution (CVE-2021-26295)

Binary data apacheofbizcve-2021-26295.nbin...

9.8 CVSS, 9.6 AI score, 0.97969 EPSS
Exploits: 9, References: 3
GithubExploit
added 2021/03/23 3:25 p.m., 71 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2021-26295-POC This example demonstrates exploiting the C...

9.8 CVSS, 7.7 AI score, 0.97969 EPSS
Exploits: 9
OSV
added 2021/03/22 12:15 p.m., 29 views

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 13
CVE
added 2021/03/22 12:0 p.m., 327 views

CVE-2021-26295

Apache OFBiz contains an unsafe Java deserialization vulnerability in requests leading to remote takeover on versions prior to 17.12.06. Multiple sources (including MSF exploit for the SOAP endpoint prior to 17.12.06) describe PoCs/Exploits and DNS-log-based validation. Affected component is OFBi...

9.8 CVSS, 9.5 AI score, 0.97969 EPSS
In wild, Exploits: 9, References: 13, Affected Software: 1
Circl
added 2021/03/22 9:43 a.m., 49 views

CVE-2021-26295

creationtimestamp | type | source
---|---|---
2021-03-22 09:43:54+00:00 | seen | https://t.me/thehackernews/1104
2021-03-22 12:32:43+00:00 | seen | https://t.me/cKure/4479
2021-03-22 12:59:17+00:00 | seen | https://t.me/cKure/4482
2021-03-22 15:37:06+00:00 | seen | https://t.me/cibsecurity/25218
2021-03-29...

9.8 CVSS, 7.6 AI score, 0.97969 EPSS
In wild, Exploits: 9, References: 13
The Hacker News
added 2021/03/22 8:34 a.m., 5 views

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning ERP system. Tracked as CVE-2021-26295, the flaw affects all versions of t...

9.8 CVSS, 8.1 AI score, 0.97969 EPSS
Exploits: 9
seebug.org
added 2021/03/22 12:0 a.m., 56 views

Apache OFBiz RCE Vulnerability (CVE-2021-26295)

...

7.5 CVSS, 1.3 AI score, 0.97969 EPSS
Exploits: 9