ist das in der #bds -"logik" nicht ein ganz klarer fall von #rassismus? schliesslich ist joe chialo eine #poc, aber vermutlich gilt bei dem bds- #antisemitismus irgendeine andere "logik" 0o
#poc
One person like that
Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication
A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.
Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability was a bypass to a previously discovered vulnerability, CVE-2023-49070.
Since the root issue of CVE-2023-49070 was left open, a bypass has been discovered as a workaround for the patch. This new vulnerability has been assigned with CVE-2023-51467, and the severity has been given as 9.8 (Critical).
Apache OfBiz Zero-Day
CVE-2023-49070 was a pre-auth RCE vulnerability due to the presence of XML-RPC, which is no longer maintained. However, the released patch was only with removing XML RPC code from the application, which was open for an authentication bypass.
Test Cases
There were two test cases for exploiting this vulnerability—the first one involved including the requirePasswordChange=Y in the URI with empty USERNAME and PASSWORD parameters.
Due to the misconfiguration of the login condition block, the application resulted in the checkLogin function returning with a “success,” leading to the authentication bypass.
[
](https://twitter.com/hashtag/CVE?src=hash&ref_src=twsrc%5Etfw)
-2023-49070
Pre-auth RCE Apache Ofbiz 18.12.09
[
](https://twitter.com/hashtag/POC?src=hash&ref_src=twsrc%5Etfw)
:
/webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y
Ref:
[
cc to me.
[
pic.twitter.com/SHOkhzlH09
— Siebene@ (@Siebene7)
[
December 5, 2023
](https://twitter.com/Siebene7/status/1731870759130427726?ref_src=twsrc%5Etfw)
The second test case was similar to the first one, with slightly changing parameters. The USERNAME and PASSWORD parameters are submitted with invalid values.
However, the checkLogin function flow did not enter into the conditional block, which resulted in the authentication being bypassed.
[
](https://twitter.com/hashtag/CVE?src=hash&ref_src=twsrc%5Etfw)
-2023-49070 Apache Ofbiz XML-RPC
[
](https://twitter.com/hashtag/RCE?src=hash&ref_src=twsrc%5Etfw)
Affected Versions: < 18.12.10
[
pic.twitter.com/9QfiCty04f
— M4rtin Hsu (@0xf4n9x)
[
December 6, 2023
](https://twitter.com/_0xf4n9x_/status/1732289811665559775?ref_src=twsrc%5Etfw)
This vulnerability has a publicly available exploit, which penetration testers and security engineers can use to test if the vulnerability exists on their application.
Furthermore, a complete report about this vulnerability has been published by SonicWall, providing detailed information about the code analysis, exploitation, and other information.
Apache OfBiz has fixed this vulnerability in version 18.12.11 and newer. Users of Apache OfBiz are recommended to upgrade to the latest version of this software to prevent this vulnerability from getting exploited by threat actors.
The post Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
#CVE-2023-49070
— Siebene@ (@Siebene7) December 5, 2023
Pre-auth RCE Apache Ofbiz 18.12.09#POC:
/webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y
Ref: https://t.co/NSgI7IQckp
cc to me. pic.twitter.com/SHOkhzlH09
#Racial #Profiling in #Hamburg : #Kontrollen im Minutentakt
Die massive #Polizeipräsenz auf St. #Pauli erzeugt Unsicherheit und Angst.
Wissenschaftler*innen haben die Situation vor Ort ausgewertet.
One person like that
Roald Dahl-Neufassung: Gespräch über 'Sensitivity Reading' | DW | 24.02.2023
Neben den Neufassungen von Roald Dahls Kinderbüchern will der Penguin Verlag noch 2023 eine unveränderte "Classic Collection" herausbringen. Er reagiert damit auf Kritik an der angekündigten Neuauflage.#SensitivityReading #RoaldDahl #CharlieunddieSchokoladenfabrik #Shakespeare #Diversität #POC
Roald Dahl-Neufassung: Gespräch über 'Sensitivity Reading' | DW | 24.02.2023
Roald Dahl-Neufassung: Was macht ein Sensitivity Reader? | DW | 24.02.2023
Neben den Neufassungen von Roald Dahls Kinderbüchern will der Penguin Verlag noch 2023 eine unveränderte “Classic Collection” herausbringen. Er reagiert damit auf Kritik an der Neufassung nach einem Sensitivity Reading.#SensitivityReading #RoaldDahl #CharlieunddieSchokoladenfabrik #Shakespeare #Diversität #POC
Roald Dahl-Neufassung: Was macht ein Sensitivity Reader? | DW | 24.02.2023
Sensitivity Reader: Hilfe statt Zensur | DW | 24.02.2023
Aus den Neufassungen von Roald Dahls Kinderbüchern sollen anstößige Inhalte und Wörter verschwinden. Einige reden von Zensur, andere finden das angemessen. DW hat mit Sensitivity Readerin Helen Gould gesprochen.#SensitivityReading #RoaldDahl #CharlieunddieSchokoladenfabrik #Shakespeare #Diversität #POC
Sensitivity Reader: Hilfe statt Zensur | DW | 24.02.2023
One person like that
#peopleofcolor #poc #diversity #diverse #diversefriends #equity #diversityisourstrength #equalityforall #diversityisastrength #melaningoddess
#diversityisastrength #melaninking
#diversityandinclusion #equality #diversityequityandinclusion #inclusion #peopleofdiversecolor #whitepeople #caucasian #caucasians #women #indoeuropean #protoindoeuropean #beauty #nature #god #memes #meme
2 Likes
2 Comments
Stolpersteine für Schwarze NS-Opfer: Lücken füllen - taz.de
https://taz.de/Stolpersteine-fuer-Schwarze-NS-Opfer/!5796828/
7 Likes
Seufz...
Ich bin definitiv zu alt für diesen Scheiss. Viel zu alt...
https://www.rnz.de/nachrichten/heidelberg_artikel,-heidelberg-junge-menschen-protestieren-gegen-lokal-mohr-_arid,703195.html
#rassismus #mohr #poc #allebekloppt
3 Likes
14 Comments
Over the night, I updated the pod to version 0.6.2 as well as migrated it to a new server. As many have noticed in the past, most of the social networking plugins were broken. I have completely removed them in the new server. If you notice anything missing and/or broken, please let me know either by emailing me under the “Got a problem?” link or PM’ing me. #POC #Podmin #Update
Bon et donc c'est cool j'ai implémenté côté GPU une génération de diagrammes de Vonoroï en deux variantes convoluées avec une cloche générée avec la formule d'interpolation utilisée dans le bruit de Perlin amélioré. C'est d'ailleurs cette cloche qui remplacera, en plus des autres tampons le cône que j'utilisais dans le stamp noise.
Comme le procédé est très simple à expliquer je devrais sortir un article très bientôt sur le sujet :)
À bientôt!
#Perlin #BruitDePerlin #GénérationProcédurale #Procédurale #Algorithme #OpenSource #Libre #CC #CreativeCommon #Blog #UNIVERSE #denissalem #OpenGL #VR #RéalitéVirtuel #univers #3D #math #algorithmique #analyse #mathématique #mathématiques #GNU-GPL #dev #devlog #log #developpement #logiciel #geek #free #StampNoise #CoherentNoise #simulation #Art #code #coding #generativeArt #generativeDesign #generative #science #fractal #fractalArt #GPL #technologie #GPU #Graphic #Render #Rendering #Graphique #PoC #ProofOfConcept #Shader #ComputeShader
One person like that