Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-5578

Malware in sbrugna...

5.5CVSS5.5AI score0.02135EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:26 a.m.5 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

5.5CVSS6.6AI score0.02135EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:48 a.m.10 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

3.5CVSS6.6AI score0.21074EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.212 views

Openbravo ERP XXE Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...

3.5CVSS7AI score0.21074EPSS
Exploits3
CNVD
CNVD
added 2019/07/29 12:0 a.m.2 views

Openbravo ERP Directory Traversal Vulnerability

Openbravo ERP is a web-based enterprise resource planning ERP solution. A path traversal vulnerability exists in Openbravo ERP versions prior to 3.0PR19Q1.3. The vulnerability stems from the failure of a networked system or product to properly filter special elements in the path of a resource or...

5.5CVSS6.8AI score0.02135EPSS
Exploits1References1
NVD
NVD
added 2019/07/28 6:15 p.m.9 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

5.5CVSS5.3AI score0.02135EPSS
Exploits1References3
OSV
OSV
added 2019/07/28 6:15 p.m.1 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

5.4CVSS5.8AI score0.02135EPSS
Exploits1References3
CVE
CVE
added 2019/07/28 5:26 p.m.99 views

CVE-2019-14362

Openbravo ERP prior to 3.0PR19Q1.3 is affected by a Directory Traversal vulnerability. The issue allows remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. Affected component is Openbravo ERP (web application) with directory ...

5.5CVSS5.2AI score0.02135EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/07/28 5:26 p.m.22 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

5.3AI score0.02135EPSS
Exploits1References3
NVD
NVD
added 2013/11/02 7:55 p.m.27 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

3.5CVSS6.3AI score0.21074EPSS
Exploits3References3
Prion
Prion
added 2013/11/02 7:55 p.m.16 views

Xxe

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

3.5CVSS6.8AI score0.21074EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2013/11/02 7:0 p.m.33 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...

6.3AI score0.21074EPSS
Exploits3References3
CVE
CVE
added 2013/11/02 7:0 p.m.80 views

CVE-2013-3617

CVE-2013-3617 affects Openbravo ERP 2.5, 3.0 and earlier. The XML API permits remote authenticated users to read arbitrary files via an XML External Entity (XXE) vulnerability, using an external entity declaration with a reference to internal /ws/dal/ interfaces (e.g., ADUser). Impact: potential ...

3.5CVSS6.5AI score0.21074EPSS
Exploits3References3Affected Software1
Metasploit
Metasploit
added 2013/10/30 5:20 p.m.45 views

Openbravo ERP XXE Arbitrary File Read

The Openbravo ERP XML API expands external entities which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as generally not root. This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...

3.5CVSS6.3AI score0.21074EPSS
Exploits3
exploitpack
exploitpack
added 2013/10/30 12:0 a.m.14 views

Openbravo ERP - XML External Entity Information Disclosure

Openbravo ERP - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/63431/info Openbravo ERP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Openbrav...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2013/10/30 12:0 a.m.23 views

Openbravo ERP - XML External Entity Information Disclosure

source: https://www.securityfocus.com/bid/63431/info Openbravo ERP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Openbravo ERP 2.5 and 3.0 are vulnerable...

7.4AI score
Exploits0
CERT
CERT
added 2013/10/30 12:0 a.m.39 views

Openbravo ERP contains an information disclosure vulnerability

Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...

3.5CVSS5.9AI score0.21074EPSS
Exploits3References6
Rows per page
Query Builder