17 matches found
EUVD-2019-5578
Malware in sbrugna...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
Openbravo ERP XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...
Openbravo ERP Directory Traversal Vulnerability
Openbravo ERP is a web-based enterprise resource planning ERP solution. A path traversal vulnerability exists in Openbravo ERP versions prior to 3.0PR19Q1.3. The vulnerability stems from the failure of a networked system or product to properly filter special elements in the path of a resource or...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
CVE-2019-14362
Openbravo ERP prior to 3.0PR19Q1.3 is affected by a Directory Traversal vulnerability. The issue allows remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. Affected component is Openbravo ERP (web application) with directory ...
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
Xxe
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
CVE-2013-3617
CVE-2013-3617 affects Openbravo ERP 2.5, 3.0 and earlier. The XML API permits remote authenticated users to read arbitrary files via an XML External Entity (XXE) vulnerability, using an external entity declaration with a reference to internal /ws/dal/ interfaces (e.g., ADUser). Impact: potential ...
Openbravo ERP XXE Arbitrary File Read
The Openbravo ERP XML API expands external entities which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as generally not root. This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...
Openbravo ERP - XML External Entity Information Disclosure
Openbravo ERP - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/63431/info Openbravo ERP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Openbrav...
Openbravo ERP - XML External Entity Information Disclosure
source: https://www.securityfocus.com/bid/63431/info Openbravo ERP is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Openbravo ERP 2.5 and 3.0 are vulnerable...
Openbravo ERP contains an information disclosure vulnerability
Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...