its-arun

4 exploits Active since Apr 2016
CVE-2022-39197 NOMISEC MEDIUM WORKING POC
HelpSystems Cobalt Strike <= 4.7 - Cross-Site Scripting via Payload Username Field
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
387 stars
CVSS 6.1
CVE-2022-39197 NOMISEC MEDIUM WORKING POC
HelpSystems Cobalt Strike <= 4.7 - Cross-Site Scripting via Payload Username Field
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
13 stars
CVSS 6.1
CVE-2020-35682 NOMISEC HIGH WORKING POC
ManageEngine ServiceDesk Plus < 11134 - Authentication Bypass via SAML Login
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
8 stars
CVSS 8.8
CVE-2016-2098 NOMISEC HIGH WORKING POC
Debian Linux < 3.2.22.1 - Improper Input Validation
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
1 stars
CVSS 7.3