Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.10 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

6.1CVSS6.5AI score0.98926EPSS
Exploits16References1
GithubExploit
GithubExploit
added 2021/08/04 6:48 a.m.173 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 Because the 2 xmlrpc related requets in webtools...

6.1CVSS7AI score0.98926EPSS
Exploits16
0day.today
0day.today
added 2021/08/04 12:0 a.m.193 views

ApacheOfBiz 17.12.01 - Remote Command Execution via Unsafe Deserialization of XMLRPC arguments

Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link: https://archive.apache.org/dist/ofbiz/apache-ofbiz-17.12.01.zip...

6.1CVSS0.9AI score0.98926EPSS
Exploits16
Packet Storm
Packet Storm
added 2021/08/04 12:0 a.m.275 views

Apache OfBiz 17.12.01 Remote Command Execution

Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Date: 2021-08-04 Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link:...

6.1CVSS0.5AI score0.98926EPSS
Exploits16
Exploit DB
Exploit DB
added 2021/08/04 12:0 a.m.378 views

ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)

Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Date: 2021-08-04 Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link:...

6.1CVSS6.6AI score0.98926EPSS
Exploits16
GithubExploit
GithubExploit
added 2021/06/06 10:32 a.m.134 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 XML-RPC request are vulnerable to unsafe deseria...

6.1CVSS6.5AI score0.98926EPSS
Exploits16
GithubExploit
GithubExploit
added 2021/05/13 1:28 p.m.127 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

ofbiz-poc CVE-2020-9496 and CVE20209496 utilize dnslog for...

9.8CVSS7.1AI score0.98926EPSS
Exploits23
GithubExploit
GithubExploit
added 2021/05/07 4:50 p.m.153 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requets in we...

6.1CVSS7.6AI score0.98926EPSS
Exploits16
GithubExploit
GithubExploit
added 2021/04/30 6:55 a.m.676 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requets in we...

6.1CVSS7.5AI score0.98926EPSS
Exploits16
0day.today
0day.today
added 2021/03/13 12:0 a.m.121 views

Apache OFBiz XML-RPC Java Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...

6.1CVSS6.6AI score0.98926EPSS
Exploits16
Circl
Circl
added 2021/03/11 6:53 p.m.9 views

CVE-2020-9496

creationtimestamp| type| source ---|---|--- 2021-03-11 18:53:17+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apacheofbizdeserialization.rb 2021-09-21 04:41:59+00:00| seen| https://t.me/pwnwikizhchannel/823 2023-06-27 05:01:40+00:00|...

6.1CVSS6.2AI score0.98926EPSS
Exploits16References4
Check Point Advisories
Check Point Advisories
added 2020/09/01 12:0 a.m.4 views

Apache Ofbiz Cross Site Scripting (CVE-2020-9496)

A cross-site scripting vulnerability exists in Apache Ofbiz. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.3CVSS5AI score0.98926EPSS
Exploits16
0day.today
0day.today
added 2020/08/18 12:0 a.m.568 views

Apache OFBiz XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04. This module requires Metasploit: https://metasploit.com/download Current source:...

6.1CVSS0.6AI score0.98926EPSS
Exploits16
Packet Storm
Packet Storm
added 2020/08/17 12:0 a.m.201 views

Apache OFBiz XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...

4.3CVSS0.1AI score0.98926EPSS
Exploits16
GithubExploit
GithubExploit
added 2020/08/15 2:29 p.m.143 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 Set-up Vulnerable Environment bash ▶ wge...

6.1CVSS6.8AI score0.98926EPSS
Exploits16
CVE
CVE
added 2020/07/15 3:39 p.m.197 views

CVE-2020-9496

CVE-2020-9496 affects Apache OFBiz 17.12.x. The vulnerability stems from unsafe deserialization in the XML-RPC endpoint (/webtools/control/xmlrpc), enabling cross-site scripting and remote code execution via crafted XML-RPC requests. Affected version shown in sources includes 17.12.01 (and later ...

6.1CVSS6.1AI score0.98926EPSS
Exploits16References10Affected Software1
Cvelist
Cvelist
added 2020/07/15 3:39 p.m.36 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...

6.1AI score0.98926EPSS
Exploits16References10
ATTACKERKB
ATTACKERKB
added 2020/07/15 12:0 a.m.130 views

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 Recent assessments: wvu-r7 at August 13, 2020 8:00pm UTC reported: Pre-auth RCE in ERP software that’s free and isn’t SAP? Sweet. And it’s a long-standing Apache project that’s often...

9.8CVSS7.5AI score0.98926EPSS
Exploits23References11
Rows per page
Query Builder