499 matches found
OSGeo GeoServer Installed (Linux / Unix)
Binary data osgeogeoservernixinstalled.nbin...
A week in security (July 15 – July 21)
Last week on Malwarebytes Labs: CrowdStrike update at center of Windows "Blue Screen of Death" outage; Number of data breach victims goes up 1,000%; Gen Z breakups tainted by login abuse for spying and stalking, research shows; Rite Aid says 2.2 million people affected in data breach; AI device Rabbi...
VulnCheck KEV: CVE-2023-43795
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
Metasploit Weekly Wrap-Up 7/19/2024
GeoServer Unauthenticated RCE This week, contributor h00die-gr3y added an interesting exploit module that targets the GeoServer open-source application. This software is used to view, edit, and share geospatial data. Versions prior to 2.23.6, versions between 2.24.0 and 2.24.3 and versions betwee...
Exploit for Code Injection in Geoserver
Geoserver CVE-2024-36401 Vulnerability Exploitation Tool Ge...
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...
Geoserver Unauthenticated Remote Code Execution Exploit
GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases,...
VulnCheck KEV: CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
Geoserver Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geoserver unauthenticated Remote Code Execution', 'Description' = %q GeoServer is an open-source software server written in Java that provides th...
OSGeo GeoServer GeoTools Eval Injection Vulnerability
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...
Geoserver unauthenticated Remote Code Execution
GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases,...
Exploit for Code Injection in Geoserver
RCE vulnerability in GeoServer CVE-2024-36401 - detection sc...
Exploit for Code Injection in Geoserver
CVE-2024-36401 Remote Code Execution (RCE) Vulnerability In...
Exploit for Code Injection in Geoserver
CVE-2024-36401: GeoServer Unauthenticated Remote Code Executio...
Vulnerability fixed in GeoServer
The developers of GeoServer have fixed a vulnerability. Proof-of-Concept (PoC) code for this vulnerability has appeared on the Internet. The vulnerability resides in the way XPath expressions are processed by the API and allows a malicious person to use specially prepared XPath expressions to execu...
Exploit for Code Injection in Geoserver
GeoServer blind (no-echo) remote code execution vulnerability CVE-2024-36401 options: -h, --help sho...
Exploit for Code Injection in Geoserver
RCE for CVE-2024-36401 POC for CVE-2024-36401 GeoServer. This...
The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, allows a perpetrator to execute arbitrary code.
The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...
VulnCheck KEV: CVE-2024-36401
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...
GeoServer Remote Code Execution Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. GeoServer suffers from a remote code execution vulnerability due to the system insecurely parsing attribute names as XPath expressions, which can be exploited by an unauthenticated,...