14 matches found
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...
Exploit for Code Injection in Apache Ofbiz
Exploit CVE-2023-49070 and CVE-2023-51467 Apache OFBiz 18.12...
Exploit for Code Injection in Apache Ofbiz
Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery SSRF by bypassing the program’s authentication. This...
Apache OFBiz 18.12.09 Remote Code Execution Exploit
Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability. From: Jacques Le Roux Date: Mon, 04 Dec 2023 21:04:50 +0000 Severity: moderate Affected versions: - Apache OFBiz before 18.12.10 Description: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to...
Apache OFBiz 18.12.09 Remote Code Execution
From: Jacques Le Roux Date: Mon, 04 Dec 2023 21:04:50 +0000 Severity: moderate Affected versions: - Apache OFBiz before 18.12.10 Description: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are...
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning ERP system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplet...
Exploit for Code Injection in Apache Ofbiz
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz!!...
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...
CVE-2023-49070
CVE-2023-49070 is a pre-auth RCE in Apache OFBiz up to version 18.12.09, caused by an unused XML-RPC component that remains present. Affected product: Apache OFBiz before 18.12.10 (and related CVE-2023-51467 authentication-bypass vector). The severity is high (CVSS v3.1 base score 9.8) with netwo...
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 Recent assessments: cbeek-r7 at January 03, 2024 8:34am UTC reported: CVE-2023-49070 is a critical...
CVE-2023-49070
creationtimestamp| type| source ---|---|--- 2021-03-11 18:53:17+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apacheofbizdeserialization.rb 2023-12-08 14:28:36+00:00| seen| Telegram/IuHaczD9X9yiXtYJrXIfE8UGwYIIen3ztK7ZS7N3IpycMQ 2023-12-14...