4 results (0.015 seconds)

CVSS: 10.0EPSS: 96%CPEs: 398EXPL: 30

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. • https://github.com/fullhunt/log4j-scan https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words https://github.com/cyberstruggle/L4sh https://github.com/woodpecker-appstore/log4j-payload-generator https://github.com/tangxiaofeng7/apache-log4j-poc https://www.exploit-db.com/exploits/51183 https://www.exploit-db.com/exploits/50592 https://www.exploit-db.com/exploits/50590 https://github.com/logpresso/CVE-2021-44228-Scanner https://github.com/jas502n/Log4j2-CVE-2021-44228 h • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 1

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 no requiere autenticación para acceder a las páginas de monitorización, permitiendo que atacantes remotos obtengan configuración sensible, archivos, e información de los log mediante vectores no especificados, relacionados con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv40169. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61431 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85945 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 1

Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 permite que atacantes remotos obtengan configuración sensible, archivos e información de log mediante vectores no especificados, relacionados con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv37288. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61432 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85946 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 1

Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163. Múltiples vulnerabilidades de salto de directorio en Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 permite que atacantes remotos lean ficheros del sistema mediante URL modifificadas, relacionadas con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv37163. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61430 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85947 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •