PetrusViet

5 exploits, active since Mar 2019
CVE-2021-39115 NOMISEC HIGH WRITEUP
Atlassian Jira Service Management Server/Data Center - Server-Side Template Injection
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
48 stars
CVSS 7.2
CVE-2021-22192 NOMISEC CRITICAL WRITEUP
GitLab CE/EE <13.2 - Authenticated RCE
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
13 stars
CVSS 9.9
CVE-2023-38743 NOMISEC HIGH WORKING POC
Zoho ManageEngine ADManager Plus <Build 7200 - Command Injection
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
11 stars
CVSS 7.2
CVE-2019-11581 NOMISEC CRITICAL WRITEUP
Jira Server/Data Center <7.6.14, <7.13.5, <8.0.3, <8.1.2, <8.2.3 - RCE
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
6 stars
CVSS 9.8
CVE-2019-3396 NOMISEC CRITICAL WRITEUP
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
2 stars
CVSS 9.8