SAP Netweaver versions SAP DMIS in at least 2011_1_731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUC_GENERATE_ACPLAN_DELIMITER.
Fully independent log4j exploit that does not require any third-party binaries. The exploit sprays the payload to all possible logged HTTP headers such as X-Forwarding, Server-IP, User-Agent.
Log4j remote code execution exploit with a trick to bypass word-blocking patches. Works on Log4j versions 2.14.1 and below.
log4j-scan is a fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts. It supports fuzzing for more than 60 HTTP request headers, JSON data parameters, and HTTP POST Data…
Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF)
Croogo 3.0.2 – Unrestricted File Upload
Croogo 3.0.2 – ‘Multiple’ Stored Cross-Site Scripting (XSS)
Cibele Thinfinity VirtualUI 2.5.41.0 – User Enumeration
Apache Log4j2 versions 2.14.1 and below information disclosure exploit.