6 matches found
Apache OFBiz Freemarker Instruction Code Execution Vulnerability
Apache OFBiz is an enterprise resource planning system from the Apache Software Foundation in the United States. Apache OFBiz has a security vulnerability in passing valid Freemarker commands to the Template Engine, allowing remote attackers to exploit the vulnerability to construct special...
CVE-2016-4462
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz...
PT-2017-8497 · Apache · Apache OFBiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 16.11.01. Description: The issue allows a malicious, logged-in user to manipulate the externalLoginKey URL parameter to pass valid Freemarker directives to the Template Engine, which are then reflected on the...
Apache OFBiz - FULLADMIN Creator PoC Payload
No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
Apache OFBiz FULLADMIN Creator PoC Payload
Exploit for multiple platform in category remote exploits. Apache OFBiz FULLADMIN Creator PoC Payload / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com...
Apache OFBiz - Admin Creator
Apache OFBiz - Admin Creator / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...