safe3s

6 exploits Active since Jan 2022
CVE-2022-2185 NOMISEC CRITICAL STUB
GitLab <14.10.5-15.1.1 - Authenticated RCE
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
13 stars
CVSS 9.9
CVE-2022-26135 NOMISEC MEDIUM WORKING POC
Atlassian Jira <8.13.22, <8.20.10, <8.22.4 - SSRF
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
11 stars
CVSS 6.5
CVE-2022-35416 NOMISEC MEDIUM WORKING POC
H3C SSL VPN < 2022-07-10 - Cross-Site Scripting via wnm/login/login.json svpnlang Cookie
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
6 stars
CVSS 6.1
CVE-2022-39197 NOMISEC MEDIUM STUB
HelpSystems Cobalt Strike <= 4.7 - Cross-Site Scripting via Payload Username Field
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
3 stars
CVSS 6.1
CVE-2022-21661 NOMISEC HIGH WRITEUP
WordPress 3.7-3.7.36 - SQL Injection via WP_Query
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
CVSS 8.0
CVE-2021-25642 NOMISEC HIGH STUB
Apache Hadoop 2.9.0-2.10.1 - Remote Code Execution via ZKConfigurationStore Deserialization
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.
CVSS 8.8