84 matches found
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Demonstration of the Log4jShell Exploit This code may contain...
CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
💥 CVE-2021-44228 — Log4Shell The Most Impactful Vuln...
EUVD-2022-1623
Malicious code in bioql PyPI...
EUVD-2022-29628
Malicious code in bioql PyPI...
CVE-2025-58782
CVE-2025-58782 affects Apache Jackrabbit Core (1.0.0–2.22.1) and Apache Jackrabbit JCR Commons (1.0.0–2.22.1). The issue is Deserialization of Untrusted Data triggered by accepting JNDI URIs for JCR lookup from untrusted users, which can lead to arbitrary code execution through deserialization of...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup". It is designed to addres...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Log4j2 日志内容 JNDI RCE 缓解措施 English version 国际镜像:https://github.com/zhangyoufu/log4j2-without-jndi 国内镜像:https://code.aliyun.com/zhangyoufu/log4j2-without-jndi/tree/master 使用方式 1. 寻找部署目录下的 log4j2-core 组件 find . -name 'log4j-core.jar' 2. 对找到的 log4j2-core JAR 包实施缓解措施 方式1: 使用 zip 命令从 JAR...
Exploit for CVE-2018-3149
log4j2-exploits https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. 8u121 Release Notes However, the logging library for java called log4j2 had JNDILookup,...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a Java logging library vulnerability. The target product/service is Apache Log4j, a Java logging library. The vulnerability class/vector is RCE Remote Code Execution via JNDI Java Naming and Directory Interface lookup. The probable entry points are JNDI lookups...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
CVE-2022-24846
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
Amazon Linux 2022 : log4j, log4j-jcl, log4j-slf4j (ALAS2022-2021-004)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2021-004 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with control over Thread Context Map MDC inp...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Analysis How does it work? Below is a deta...
GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j
The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of servic...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
It is an exploit module for Log4j. The vulnerability class/vecto...