Showing 1 - 25 of 100

Files

log2space 6.2 Cross Site Scripting
Posted Apr 15, 2015
Authored by Provensec

log2space version 6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 93fe9b60690ee2b8d2fde351a73fed40e65ab3beef066e5968c665b3c5ff8b02

Related Files

Log4Shell HTTP Scanner
Posted Sep 1, 2024
Authored by Spencer McIntyre, RageLtMan | Site metasploit.com

Versions of Apache Log4j2 impacted by CVE-2021-44228 allow JNDI features to be used in configuration, log messages, and parameters, and do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This Metasploit module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMware vCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, and Apache OFBiz.

tags | exploit, web
advisories | CVE-2021-44228, CVE-2021-45046
SHA-256 | 0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
Apache log4j2 Code Execution
Posted Aug 8, 2024
Authored by ashdoeshax | Site github.com

Log4j 2.15.0 was released to address the widely reported JNDI Remote Code Execution (RCE) (CVE-2021-44228) vulnerability in Log4j. Shortly thereafter, 2.16.0 was released to address a Denial of Service (DoS) vulnerability (CVE-2021-45046). When examining the 2.15.0 release, Google security engineers found several issues with the Log4j 2.15.0 patch that showed that the severity of the issue addressed in 2.16 was in fact worse than initially understood. This is Google's proof of concept exploit.

tags | exploit, remote, denial of service, code execution, proof of concept
advisories | CVE-2021-45046
SHA-256 | c42c53b6fbd06585bd6895ecad8dddaa20237bb0cbb68646781ab1bf7e1461f2
Log4Shell HTTP Header Injection
Posted Jan 12, 2022
Authored by sinn3r, Michael Schierl, Spencer McIntyre, juan vazquez | Site metasploit.com

This Metasploit module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.

tags | exploit, java, remote, web
advisories | CVE-2021-44228
SHA-256 | fb881ade3573c4c3970acc27f51ba1d3ac1aaff25446ea8e525ce3aca4d0ca4d
log4j-scan Extensive Scanner
Posted Dec 15, 2021
Authored by fullhunt | Site github.com

log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.

tags | exploit, java, web
advisories | CVE-2021-44228
SHA-256 | 0d5ae7f22f482484023dbdde93229a59915d292aefd32e04445b6847b7cbe5c8
Log4j Recognizer
Posted Dec 15, 2021
Authored by scitotec | Site github.com

This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars, so you can find out whether someone is using a dangerous version of log4j.

tags | tool, java
systems | unix
advisories | CVE-2021-44228
SHA-256 | f3e9c324df46c5349054a5e341c715ffbb5f3a49b2dcb09981741f4aa2e019e7
Log4j Linux IoC Detector
Posted Dec 15, 2021
Authored by santosomar | Site github.com

This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.

tags | java, system logging, bash
systems | linux, unix
advisories | CVE-2021-44228
SHA-256 | cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
Log4j Payload Generator
Posted Dec 15, 2021
Authored by c0ny1 | Site github.com

log4j-payload-generator is a plugin for the woodpecker framework that produces payloads for the log4j JNDI injection vulnerability. Five types of payloads can be produced with one click.

tags | exploit
advisories | CVE-2021-44228
SHA-256 | 9319f5c8420c855db8f2e53dd3489078c212cfa37c4333ed77c190d1645962f9
Log4j2 Log4Shell Regexes
Posted Dec 15, 2021
Authored by karanlyons | Site gist.github.com

If you are curious about web application firewall (WAF) bypass payloads that can be leveraged to exploit the log4j2 code execution vulnerability, you should look at this tool.

tags | exploit, java, web, code execution
advisories | CVE-2021-44228
SHA-256 | 5190d813d12a89606e135d8c589f145817422880d89b61e91356a92b89d6fafd
Apache Log4j2 2.14.1 Information Disclosure
Posted Dec 14, 2021
Authored by leonjza

Apache Log4j2 versions 2.14.1 and below information disclosure exploit.

tags | exploit, info disclosure
advisories | CVE-2021-44228
SHA-256 | ba9d5b07577a6679e74d2298770240a1846d62f9ccc75a77024d3f27444bc52b
Logitech Media Server 8.2.0 Cross Site Scripting
Posted Oct 13, 2021
Authored by Mert Das

Logitech Media Server version 8.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5978d5b90e9784a14ef11c233505d94c2d713a17d4a22c68ae3074a935526d56
Lodging Reservation Management System 1.0 SQL Injection
Posted Oct 3, 2021
Authored by Nitin Sharma

Lodging Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2021-41511
SHA-256 | 07673303aaeec8f95ac60b909c85360f1d32e342a96af86a31cd55f43fa0ad63
Logitech Solar Keyboard Service Unquoted Service Path
Posted Nov 12, 2020
Authored by Jair Amezcua

Logitech Solar Keyboard Service suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 3f0998171a4be918fee2cb4e9361c4449c41d5f5a1517f7d3e80c8e3a139d597
Logicspice FAQ Script 2.9.7 Remote Code Execution
Posted Sep 4, 2018
Authored by Ozkan Mustafa Akkus

Logicspice FAQ Script version 2.9.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 4db84333df3c956135dcf12321cd11e611fef98dd5e2107649fc987f8f07877b
LogicBoard CMS 3.0 / 4.0 / 4.1 Open Redirect
Posted Feb 1, 2017
Authored by Francisco Javier Santiago Vazquez

LogicBoard CMS versions 3.0, 4.0, and 4.1 suffer from an open redirection vulnerability.

tags | advisory
SHA-256 | b30795566dbe73d1333bceb4657b39095cf277df8bca45ebca1c00c1c0bb132f
LogMeIn Client 1.3.2462 (64bit) Credential Disclosure
Posted Sep 8, 2016
Authored by Yakir Wizman, Alexander Korznikov, Viktor Minin

LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 3e21881c146874807c984cebd32e544f21626d0eac6b98d3aac36bc0dc6ee9ac
Log2Space Central 6.2 Cross Site Scripting
Posted Jan 28, 2016
Authored by Rahul Pratap Singh

Log2Space Central version 6.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dba77879de8c9efbd44b477ecd995853b0c1e6b8aff0aaba5e2d0c6d5ec3134f
LogAnalyzer 3.6.5 Cross Site Scripting
Posted Sep 2, 2014
Authored by Dolev Farhi

LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-6070
SHA-256 | f98069f7596bd8fbfa00152848840528932d6b666d0df8a98d6f10bd92a35b5a
LogiVert Webshop Software Cross Site Scripting
Posted Apr 24, 2014
Authored by Renzi

LogiVert Webshop Software suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0c684714aeb69291ce4a76c6087d19e5782e5332bcbba85eccf9cff7f17d31e7
Logic Print 2013 Stack Overflow
Posted May 30, 2013
Authored by h1ch4m

Logic Print 2013 suffers from a stack overflow vulnerability.

tags | exploit, overflow
SHA-256 | ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1
Loganalyzer 3.6.0 Cross Site Scripting
Posted Dec 20, 2012
Authored by Mohd Izhar Ali | Site johncrackernet.blogspot.com

LogAnalyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f890d7408490ef8e73e0a6ba7b407973a7e773f86abfa93c95a1a275450e27db
Logica HotScan SWIFT Alliance Access Interface Buffer Overflow
Posted Oct 10, 2012
Authored by Anil Pazvant

The Hotscan Listener interface is prone to a buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

tags | advisory, remote, denial of service, overflow, arbitrary
advisories | CVE-2012-2624
SHA-256 | 4d82bb2cdd5e00df2473121e20ac99ab0fed22e38807dad251dcffec376681c6
Log1 CMS writeInfo() PHP Code Injection
Posted Jun 3, 2012
Authored by EgiX, sinn3r, Adel SBM | Site metasploit.com

This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2011-4825, OSVDB-76928
SHA-256 | 5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70
Log1cms 2.1 Cross Site Request Forgery
Posted Mar 6, 2012
Authored by KedAns-Dz

Log1cms version 2.1 suffers from cross site request forgery vulnerabilities that allow for shell upload and file downloads.

tags | exploit, shell, vulnerability, csrf
SHA-256 | fc139e44abe15975ea6625bf46ebf7ec02a9bb3d4a76dce8e812d83c5f4d9870
Logement Laval SQL Injection
Posted Jan 4, 2012
Authored by Th4 MasK

Logement Laval suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45780e0ce039a1b53b28eac03f49e5414e048b9551c9aafebbfb1e09226f684f
Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands for each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36
© 2024 Packet Storm. All rights reserved.