Shodan
Vulnerabilities
Vulnerable Software
Helpsystems:  Security Vulnerabilities
CVE-2022-42948
Known exploited
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
CVSS Score
9.8
EPSS Score
0.121
Published
2023-03-24
CVE-2022-39197
Known exploited
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
CVSS Score
6.1
EPSS Score
0.103
Published
2022-09-22
CVE-2021-46830
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-07-27
CVE-2021-43708
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-21
CVE-2022-23317
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-15
CVE-2021-36798
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.
CVSS Score
7.5
EPSS Score
0.277
Published
2021-08-09
CVE-2018-20764
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-02-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved