exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed


Apache Log4j2 2.14.1 Information Disclosure
Posted Dec 14, 2021
Authored by leonjza

Apache Log4j2 versions 2.14.1 and below information disclosure exploit.

tags | exploit, info disclosure
advisories | CVE-2021-44228
SHA-256 | ba9d5b07577a6679e74d2298770240a1846d62f9ccc75a77024d3f27444bc52b

Related Files

Log4Shell HTTP Header Injection
Posted Jan 12, 2022
Authored by sinn3r, Michael Schierl, Spencer McIntyre, juan vazquez | Site metasploit.com

This Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.

tags | exploit, java, remote, web
advisories | CVE-2021-44228
SHA-256 | fb881ade3573c4c3970acc27f51ba1d3ac1aaff25446ea8e525ce3aca4d0ca4d
Debian Security Advisory 5024-1
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5024-1 - It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.

tags | advisory, java, denial of service
systems | linux, debian
advisories | CVE-2021-45105
SHA-256 | 6a9b4dcb09185e3b07645d5acea3cb02cdd0b78af28c1bc86e76eeee9ec5e90d
log4j-scan Extensive Scanner
Posted Dec 15, 2021
Authored by fullhunt | Site github.com

log4j-scan is fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST Data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.

tags | exploit, java, web
advisories | CVE-2021-44228
SHA-256 | 0d5ae7f22f482484023dbdde93229a59915d292aefd32e04445b6847b7cbe5c8
Log4j Recognizer
Posted Dec 15, 2021
Authored by scitotec | Site github.com

This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars. Therefore, you can find if someone is using log4j with a dangerous version.

tags | tool, java
systems | unix
advisories | CVE-2021-44228
SHA-256 | f3e9c324df46c5349054a5e341c715ffbb5f3a49b2dcb09981741f4aa2e019e7
Log4j Linux IoC Detector
Posted Dec 15, 2021
Authored by santosomar | Site github.com

This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.

tags | java, system logging, bash
systems | linux, unix
advisories | CVE-2021-44228
SHA-256 | cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
Log4j Payload Generator
Posted Dec 15, 2021
Authored by c0ny1 | Site github.com

log4j-payload-generator is a plugin for the woodpecker framework to produce log4 jndi injection vulnerability payload. Five types of payloads can be produced with one click.

tags | exploit
advisories | CVE-2021-44228
SHA-256 | 9319f5c8420c855db8f2e53dd3489078c212cfa37c4333ed77c190d1645962f9
Log4j2 Log4Shell Regexes
Posted Dec 15, 2021
Authored by karanlyons | Site gist.github.com

If you are curious about web application firewall (WAF) bypass payloads that can be leveraged to exploit the log4j2 code execution vulnerability, you should look at this tool.

tags | exploit, java, web, code execution
advisories | CVE-2021-44228
SHA-256 | 5190d813d12a89606e135d8c589f145817422880d89b61e91356a92b89d6fafd
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 14, 2021
Authored by z9fr, kozmer, svmorris

Apache Log4j2 versions 2.0-beta-9 and 2.14.1 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2021-44228
SHA-256 | de62729a1c1d7a301abfc3f60ee8a5248958962c2fdc2b6444dd47cbfe0d4d57
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 10, 2021
Authored by tangxiaofeng7 | Site github.com

Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-44228
SHA-256 | c8d0355e439c74ae436d3c409fe4b1f7b1c6c2d6fb97d2375bbaa49de94f642b
Logitech Media Server 8.2.0 Cross Site Scripting
Posted Oct 13, 2021
Authored by Mert Das

Logitech Media Server version 8.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5978d5b90e9784a14ef11c233505d94c2d713a17d4a22c68ae3074a935526d56
Lodging Reservation Management System 1.0 SQL Injection
Posted Oct 3, 2021
Authored by Nitin Sharma

Lodging Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2021-41511
SHA-256 | 07673303aaeec8f95ac60b909c85360f1d32e342a96af86a31cd55f43fa0ad63
Logitech Solar Keyboard Service Unquoted Service Path
Posted Nov 12, 2020
Authored by Jair Amezcua

Logitech Solar Keyboard Service suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 3f0998171a4be918fee2cb4e9361c4449c41d5f5a1517f7d3e80c8e3a139d597
Logicspice FAQ Script 2.9.7 Remote Code Execution
Posted Sep 4, 2018
Authored by Ozkan Mustafa Akkus

Logicspice FAQ Script version 2.9.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 4db84333df3c956135dcf12321cd11e611fef98dd5e2107649fc987f8f07877b
LogicBoard CMS 3.0 / 4.0 / 4.1 Open Redirect
Posted Feb 1, 2017
Authored by Francisco Javier Santiago Vazquez

LogicBoard CMS versions 3.0, 4.0, and 4.1 suffer from an open redirection vulnerability.

tags | advisory
SHA-256 | b30795566dbe73d1333bceb4657b39095cf277df8bca45ebca1c00c1c0bb132f
Log2Space Central 6.2 Cross Site Scripting
Posted Jan 28, 2016
Authored by Rahul Pratap Singh

Log2Space Central version 6.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dba77879de8c9efbd44b477ecd995853b0c1e6b8aff0aaba5e2d0c6d5ec3134f
log2space 6.2 Cross Site Scripting
Posted Apr 15, 2015
Authored by Provensec

log2space version 6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 93fe9b60690ee2b8d2fde351a73fed40e65ab3beef066e5968c665b3c5ff8b02
LogAnalyzer 3.6.5 Cross Site Scripting
Posted Sep 2, 2014
Authored by Dolev Farhi

LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-6070
SHA-256 | f98069f7596bd8fbfa00152848840528932d6b666d0df8a98d6f10bd92a35b5a
LogiVert Webshop Software Cross Site Scripting
Posted Apr 24, 2014
Authored by Renzi

LogiVert Webshop Software suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0c684714aeb69291ce4a76c6087d19e5782e5332bcbba85eccf9cff7f17d31e7
Logic Print 2013 Stack Overflow
Posted May 30, 2013
Authored by h1ch4m

Logic Print 2013 suffers from a stack overflow vulnerability.

tags | exploit, overflow
SHA-256 | ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1
Loganalyzer 3.6.0 Cross Site Scripting
Posted Dec 20, 2012
Authored by Mohd Izhar Ali | Site johncrackernet.blogspot.com

LogAnalyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f890d7408490ef8e73e0a6ba7b407973a7e773f86abfa93c95a1a275450e27db
Logica HotScan SWIFT Alliance Access Interface Buffer Overflow
Posted Oct 10, 2012
Authored by Anil Pazvant

The Hotscan Listener interface is prone to a buffer overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

tags | advisory, remote, denial of service, overflow, arbitrary
advisories | CVE-2012-2624
SHA-256 | 4d82bb2cdd5e00df2473121e20ac99ab0fed22e38807dad251dcffec376681c6
Log1 CMS writeInfo() PHP Code Injection
Posted Jun 3, 2012
Authored by EgiX, sinn3r, Adel SBM | Site metasploit.com

This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2011-4825, OSVDB-76928
SHA-256 | 5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70
Log1cms 2.1 Cross Site Request Forgery
Posted Mar 6, 2012
Authored by KedAns-Dz

Log1cms version 2.1 suffers from cross site request forgery vulnerabilities that allow for shell upload and file downloads.

tags | exploit, shell, vulnerability, csrf
SHA-256 | fc139e44abe15975ea6625bf46ebf7ec02a9bb3d4a76dce8e812d83c5f4d9870
Logement Laval SQL Injection
Posted Jan 4, 2012
Authored by Th4 MasK

Logement Laval suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45780e0ce039a1b53b28eac03f49e5414e048b9551c9aafebbfb1e09226f684f
Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36
Page 1 of 4

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By