Romanc9

2 exploits Active since Sep 2022

CVE-2023-21839 NOMISEC HIGH WORKING POC

Oracle WebLogic Server <14.1.1.0.0 - RCE

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

2 stars

CVSS 7.5

View Code

CVE-2022-39197 NOMISEC MEDIUM WORKING POC

HelpSystems Cobalt Strike <= 4.7 - Cross-Site Scripting via Payload Username Field

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).

2 stars

CVSS 6.1

View Code