Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions affected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, but web.xml is most likely to have information of value.
Control Web Panel 7 (CWP7) version 0.9.8.1147 suffers from a remote code execution vulnerability.
Casdoor version 1.13.0 suffers from a remote SQL injection vulnerability.
Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.
Keycloak version 12.0.1 suffers from a blind server-side request forgery vulnerability.
Atlassian Jira Server/Data Center version 8.4.0 suffers from a limited remote file read vulnerability.
Atlassian Confluence Server version 7.5.1 suffers from a pre-authorization arbitrary file read vulnerability.
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019.
Bludit versions 3.9.2 and below bruteforce mitigation bypass exploit. Please visit the related homepage for deep dive details on usage.