CVE-2020-9496

Published: 15/07/2020 Updated: 04/08/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 388
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.

Vulnerable Product

apache ofbiz 17.12.03

Mailing Lists

Apache OfBiz version 17.12.01 exploit that achieves remote command execution via unsafe deserialization of XMLRPC arguments ...

Github Repositories

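0x00 Introduction A GUI vulnerability exploitation tool, mainly intended to assist red teams with exploitation in complex attack scenarios, such as some non-HTTP protocols and asynchronous vulnerability exploitation. The current version was developed rather hastily and will be iterated on frequently. Currently supported vulnerabilities: Fastjson vulnerability echo, Jmxrmi vulnerability echo, RmiServer vulnerability echo, ApacheOfbiz vulnerability exploitation echo 0x01 环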

CVE-2020-9496 Apache OFBiz unsafe deserialization of XMLRPC arguments

CVE-2020-9496 CVE-2020-9496 manual exploit

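ofbiz-poc PoC and exp for batch verification of CVE-2020-9496 and CVE_2020_9496 using dnslog. OFBiz_CVE_2020_9496py and OFBiz_CVE_2021_26295py each verify a single vulnerability; ofbiz_pocpy batch-verifies both vulnerabilities, with the sites to be batch-verified saved in urlstxt. For vulnerability reproduction, see: yuaneurocn/archives/ofbizhtml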

CVE-2020-9496 XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

CVE-2020-9496

Articles accumulated by the 360Quake team.

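Papers Articles accumulated by the 360Quake team Title Date Mapping and analysis report on compromised SolarWinds servers 2020-12-16 TLS server-side tagging 2020-12-14 Using JARM fingerprints for TLS server-side tagging 2020-12-13 Using advanced combined query syntax to pivot and uncover an industrial control system 2020-12-04 Hunting Beacons 2020-12-01 A brief analysis of CobaltStrike Beacon Staging Server scanning 2020-12-01 2020年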

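Internet Security Recommendations ts title url Xuanwu Lab Recommendations ts title url 20200814 Detecting fake 4G base stations in real time iblackhatcom/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Timepdf 20200814 The upcoming Chrome 86 release will improve how the address bar displays URLs, to defend against address bar spoofing blogchromiumorg/2020/08/helping-people-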

pocExp Applications already covered: Apache Flink Apache OFBiz Citrix Coremail Confluence D-Link Eyou Exchange F5 BIG-IP FineReport-FanRuan Gitlab H3C K-Kingdee Lanproxy Laravel Live800 Jboss Jellyfin Jetty OA-Jinher OA-Landray OA-Weaver OA-Ranzhi OA-Seeyon OA-Tongda Phpstudy Q-Qizhi bastion host Ruijie Spring Thinkadmin ThinkPHP3 ThinkPHP5 T-360 Tianqing Typecho VMware Weblogic Yon

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries Please, use #javadeser hash tag for tweets Table of content Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without

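A roundup of all security news published to the Alpha Lab WeChat official account in 2020

Follow the Alpha Lab WeChat official account 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugschromiumorg/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place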

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android