15 matches found
Apache OFBiz - Improper Authorization & Remote Code Execution
Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
Exploit for Incorrect Authorization in Apache Ofbiz
This is a PoC exploit for CVE-2024-38856, a remote code executio...
Exploit for Path Traversal in Apache Ofbiz
📌 Apache OFBiz RCE Exploit CVE-2024-38856 Ce script Python...
Exploit for Incorrect Authorization in Apache Ofbiz
Apache-OFBiz-Exploit Exploit for Apache OFBiz CVE-2024-38856...
Exploit for Incorrect Authorization in Apache Ofbiz
cveCVE-2024-38856-poc CVE-2024-38856 is a serious vulnerabil...
Apache OFBiz < 18.12.15 Remote Code Execution (CVE-2024-38856)
The version of Apache OFBiz running on the remote host is potentially affected by a remote code execution vulnerability: - Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes th...
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning ERP system to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38856link is external Apache OFBiz Incorrect Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...
Exploit for Incorrect Authorization in Apache Ofbiz
CVE-2024-38856-EXP --- bash bash CVE-2024-23692.sh...
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning ERP system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS...
CVE-2024-38856
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
CVE-2024-38856
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...
CVE-2024-38856
creationtimestamp| type| source ---|---|--- 2024-06-17 15:39:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apacheofbizforgotpassworddirectorytraversal.rb 2024-08-05 11:10:43+00:00| published-proof-of-concept| https://t.me/HackingInsights/86...