helpsystems vulnerabilities and exploits
446
VMScore
CVE-2021-36798
A Denial-of-Service (DoS) vulnerability exists in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote malicious users to crash the C2 server thread and block beacons' communication with it.
Helpsystems Cobalt Strike 4.2
Helpsystems Cobalt Strike 4.3
2 Github repositories
668
VMScore
CVE-2018-20764
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
Helpsystems Boks
446
VMScore
CVE-2022-23317
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
Helpsystems Cobalt Strike
NA
CVE-2022-39197
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike up to and including 4.7 that allowed a remote malicious user to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then ...
Helpsystems Cobalt Strike
19 Github repositories
NA
CVE-2022-42948
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
Helpsystems Cobalt Strike 4.7.1
NA
CVE-2021-46830
A path traversal vulnerability exists within GoAnywhere MFT prior to 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain acce...
Helpsystems Goanywhere Managed File Transfer
187
VMScore
CVE-2021-43708
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
Helpsystems Titus Data Classification 18.8.1910.140
NA
CVE-2021-26837
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows malicious users to execute arbitrary code, escalate privileges, and gain sensitive information.
Fortra Delivernow
NA
CVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Fortra Goanywhere Managed File Transfer
1 Metasploit module
6 Github repositories
2 Articles