Experts created a PoC for Apache OFBiz flaw CVE-2023-51467

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and identification through device scanning.
You may click to consent to our and our 748 partners' processing as described above.
Alternatively you may access more detailed information and change your preferences before consenting or to refuse consenting.
Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing.

This Cyber News was published on securityaffairs.com. Publication date: Fri, 12 Jan 2024 13:13:05 +0000

Cyber News related to Experts created a PoC for Apache OFBiz flaw CVE-2023-51467

Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Securityweek.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604

Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
1 year ago Packetstormsecurity.com CVE-2023-49070 CVE-2023-51467 CVE-2023-50164 CVE-2023-46604

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467

Critical Apache OFBiz Zero-day Flaw Exploited in the Wild - Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz's open-source enterprise resource planning system. The vulnerability allows attackers to bypass simple ...
1 year ago Cybersecuritynews.com CVE-2023-51467 CVE-2023-49070

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
10 months ago Aws.amazon.com

Experts released PoC exploit code for RCE in Fortinet SIEM - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Crowdfense is offering a larger 30M USD exploit acquisition program. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. PoC ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2024-23897 CVE-2024-0204 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-34039 CVE-2023-38035 APT28 Black Basta

Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OfBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Go.theregister.com CVE-2023-51467 CVE-2023-49070

Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide ...
1 year ago Packetstormsecurity.com CVE-2023-51467 CVE-2023-49070

Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28

Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke

Imperva defends customers against recent vulnerabilities in Apache OFBiz - On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery by ...
1 year ago Imperva.com CVE-2023-51467 CVE-2023-49070

High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke

Barracuda ESG, Apache OfBiz Vulnerabilities Persist - While the number of reported vulnerabilities sometimes decrease over the Christmas and New Year's holidays, active and potential exploits are no less threatening. During the past couple weeks, Google has seen multiple vulnerabilities, including a ...
1 year ago Esecurityplanet.com CVE-2023-7101 CVE-2023-51467 CVE-2023-49070

FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2024-0204 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-38831 CVE-2023-38035 APT28 APT29

Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke

Experts found a macOS version of the sophisticated LightSpy spyware - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity bugs in ransomware attacks. Experts released PoC exploit for critical ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-0204 CVE-2023-20198 CVE-2023-22515 APT29 BianLian

Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-33246 CVE-2023-37582 Rocke

10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515

Zoho ManageEngine Flaw - Exploit and POC Details - A serious security flaw has been detected in Zoho ManageEngine, a widely used IT management solution and bug hunters have published a proof of concept (PoC) code on GitHub to demonstrate the exploit. ...
2 years ago Securityaffairs.com Hunters

CISA: Critical SharePoint vuln is under active exploitation The Register - Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list. When vulnerabilities are added to CISA's ...
1 year ago Theregister.com CVE-2023-29357 CVE-2023-24955

Experts created a PoC for Apache OFBiz flaw CVE-2023-51467 - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
1 year ago Securityaffairs.com