Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 1:48 a.m.10 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

3.5CVSS6.6AI score0.21074EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.215 views

Openbravo ERP XXE Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...

3.5CVSS7AI score0.21074EPSS
Exploits3
Metasploit
Metasploit
added 2013/10/30 5:20 p.m.45 views

Openbravo ERP XXE Arbitrary File Read

The Openbravo ERP XML API expands external entities which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as generally not root. This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...

3.5CVSS6.3AI score0.21074EPSS
Exploits3
Circl
Circl
added 2013/10/30 12:0 a.m.91 views

CVE-2013-3617

creationtimestamp| type| source ---|---|--- 2013-10-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38818 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/openbravoxxe.rb 2025-02-06 03:13:41+00:00| seen|...

3.5CVSS4.8AI score0.21074EPSS
Exploits3References2
CERT
CERT
added 2013/10/30 12:0 a.m.39 views

Openbravo ERP contains an information disclosure vulnerability

Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...

3.5CVSS5.9AI score0.21074EPSS
Exploits3References6
Check Point Advisories
Check Point Advisories
added 2013/09/29 12:0 a.m.42 views

Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)

A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...

7.5CVSS6.2AI score0.90455EPSS
Exploits6
Rows per page
Query Builder