
195 matches found

GithubExploit
added yesterday | 74 views

Exploit for CVE-2024-21182

CVE-2024-21182 — Oracle WebLogic Server T3/IIOP JNDI Injection...

7.5 CVSS | 6.1 AI score | 0.89649 EPSS
Exploits: 1
Nuclei
added 5 days ago | 149 views

Jolokia Agent - JNDI Code Injection

Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. id: CVE-2018-1000130 info: name: Jolokia Agent - JNDI Code Injection author: milo2012 severity: high description: | Jolokia agent i...

8.1 CVSS | 7.5 AI score | 0.91099 EPSS
Exploits: 1 | References: 5
GithubExploit
added 2026/03/22 4:45 p.m. | 98 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔥 Solar Exploiting Log4j - TryHackMe Walkthrough 📌 Room: S...

10 CVSS | 7.7 AI score | 0.94358 EPSS
Exploits: 341
GithubExploit
added 2026/03/22 4:30 p.m. | 94 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔥 Solar Exploiting Log4j - TryHackMe Walkthrough 📌 Room: S...

10 CVSS | 7.7 AI score | 0.94358 EPSS
Exploits: 341
RedhatCVE
added 2026/01/09 12:36 p.m. | 1 view

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

8.8 CVSS | 6.8 AI score | 0.00708 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/01/09 9:31 a.m. | 18 views

FASTJSON Includes Functionality from Untrusted Control Sphere

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10 CVSS | 7.2 AI score | 0.0004 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2026/01/09 9:31 a.m. | 0 views

GHSA-JM7W-5684-PVH8 FASTJSON Includes Functionality from Untrusted Control Sphere

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10 CVSS | 7 AI score | 0.0004 EPSS
Exploits: 0 | References: 9
NVD
added 2026/01/09 7:16 a.m. | 4 views

CVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10 CVSS | 0.0004 EPSS
Exploits: 0 | References: 7
EUVD
added 2026/01/09 6:43 a.m. | 6 views

EUVD-2026-1694

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10 CVSS | 6.6 AI score | 0.88936 EPSS
Exploits: 7 | References: 9
Cvelist
added 2026/01/09 6:43 a.m. | 22 views

CVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

10 CVSS | 0.0004 EPSS
Exploits: 0 | References: 7
CVE
added 2026/01/09 6:43 a.m. | 33 views

CVE-2025-70974

CVE-2025-70974 concerns Alibaba Fastjson before 1.2.48. The issue arises from how autoType is handled: when a JSON document contains an @type key whose value is a Java class name, certain public methods may be invoked, enabling a JNDI injection with an attacker-controlled payload. The vulnerabili...

10 CVSS | 6.7 AI score | 0.0004 EPSS
In wild | Exploits: 0 | References: 7
RedhatCVE
added 2025/11/21 5:29 p.m. | 10 views

CVE-2025-64428

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

9.8 CVSS | 7.3 AI score | 0.00188 EPSS
Exploits: 1 | References: 1
OSV
added 2025/11/20 5:7 p.m. | 3 views

CVE-2025-64428 DataEase DB2 JNDI Vulnerability

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

9.3 CVSS | 7.3 AI score | 0.00188 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/11/20 5:7 p.m. | 1 view

EUVD-2025-198290

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...

9.3 CVSS | 6.8 AI score | 0.00188 EPSS
Exploits: 1 | References: 3
CVE
added 2025/11/20 5:7 p.m. | 9 views

CVE-2025-64428

Dataease (open source data visualization/analysis tool) is affected by a JNDI injection vulnerability in versions prior to 2.10.17. A patch in 2.10.14 added a blacklist, but JNDI injections remain possible via the iiop, corbaname, and iiopname schemes. The issue is fixed in version 2.10.17. Affec...

9.8 CVSS | 6.9 AI score | 0.00188 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/11/20 12:0 a.m. | 2 views

PT-2025-47608

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.17. Description: Dataease, an open source data visualization analysis tool, is susceptible to JNDI injection. A previous patch version 2.10.14 included a blacklist, but the issue persists through the iiop,...

9.8 CVSS | 6.6 AI score | 0.00188 EPSS
Exploits: 1 | References: 10
RedhatCVE
added 2025/11/12 12:36 a.m. | 2 views

CVE-2025-42884

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider. This could further lead to disclosure or modification of information about the server. There i...

6.5 CVSS | 6.5 AI score | 0.00132 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/11 12:14 a.m. | 6 views

CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider. This could further lead to disclosure or modification of information about the server. There i...

6.5 CVSS | 0.00132 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/11 12:14 a.m. | 2 views

CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider. This could further lead to disclosure or modification of information about the server. There i...

6.5 CVSS | 6.1 AI score | 0.00132 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/07 12:19 a.m. | 4 views

CVE-2025-64164

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15...

9.8 CVSS | 7.1 AI score | 0.00148 EPSS
Exploits: 1 | References: 1