6 matches found
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
Openbravo ERP XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...
Openbravo ERP XXE Arbitrary File Read
The Openbravo ERP XML API expands external entities which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as generally not root. This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...
CVE-2013-3617
creationtimestamp| type| source ---|---|--- 2013-10-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38818 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/openbravoxxe.rb 2025-02-06 03:13:41+00:00| seen|...
Openbravo ERP contains an information disclosure vulnerability
Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...
Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)
A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...