:: Deepquest ::

Oliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability.

Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.

SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG. Other software and various versions are also affected.

SAP Netweaver version SAP DMIS 2011_1_731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG.

SAP Netweaver versions SAP DMIS in at least 2011_1_731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUC_GENERATE_ACPLAN_DELIMITER.

Fully independent log4j exploit that does not require any 3rd party binaries. The exploit sprays the payload to all possible logged HTTP Headers such as X-Forwarding, Server-IP, User-Agent.

Log4j remote code execution exploit with a trick to bypass words blocking patches. Works on Log4j versions 2.14.1 and below.

log4j-scan is fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST Data parameters. It also supports DNS callback for vulnerability discovery and validation and includes WAF bypass payloads.