>> ARCHIVE: 2021-12

Oliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability.

Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.

SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG. Other software and various versions are also affected.

SAP Netweaver version SAP DMIS 2011_1_731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG.

SAP Netweaver versions SAP DMIS in at least 2011_1_731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUC_GENERATE_ACPLAN_DELIMITER.

Fully independent log4j exploit that does not require any 3rd party binaries. The exploit sprays the payload to all possible logged HTTP Headers such as X-Forwarding, Server-IP, User-Agent.

Log4j remote code execution exploit with a trick to bypass words blocking patches. Works on Log4j versions 2.14.1 and below.

log4j-scan is fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST Data…