cved-sources

43 exploits Active since Feb 2010
CVE-2019-10678 NOMISEC HIGH STUB
Domoticz <4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
1 stars
CVSS 7.5
CVE-2018-11776 NOMISEC HIGH STUB
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
1 stars
CVSS 8.1
CVE-2018-15473 NOMISEC MEDIUM STUB
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
1 stars
CVSS 5.3
CVE-2018-15961 NOMISEC CRITICAL STUB
Adobe ColdFusion July 12 release (2018.0.0.310739) Update 6 and earlier Update 14 and earlier - Unrestricted File Upload
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
1 stars
CVSS 9.8
CVE-2017-8046 NOMISEC CRITICAL STUB
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
1 stars
CVSS 9.8
CVE-2019-9184 NOMISEC CRITICAL WORKING POC
J2Store 3.3.0-3.3.6 - SQL Injection via product_option[] Parameter
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
CVSS 9.8
CVE-2019-9194 NOMISEC CRITICAL STUB
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
CVE-2019-9978 NOMISEC MEDIUM WORKING POC
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
CVSS 6.1
CVE-2019-5420 NOMISEC CRITICAL STUB
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
CVSS 9.8
CVE-2019-6340 NOMISEC HIGH STUB
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
CVSS 8.1
CVE-2017-8917 NOMISEC CRITICAL STUB
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 9.8
CVE-2018-1273 NOMISEC CRITICAL STUB
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
CVSS 9.8
CVE-2018-15877 NOMISEC HIGH WORKING POC
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
CVSS 8.8
CVE-2018-16283 NOMISEC CRITICAL WORKING POC
Wechat Broadcast < 1.2.0 - Path Traversal via Image.php URL Parameter
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
CVSS 9.8
CVE-2018-16509 NOMISEC HIGH STUB
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVSS 7.8
CVE-2018-17207 NOMISEC CRITICAL WORKING POC
Snap Creek Duplicator <1.2.42 - Code Injection
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVSS 9.8
CVE-2018-19207 NOMISEC CRITICAL WORKING POC
Van Ons WP GDPR Compliance <1.4.3 - RCE
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
CVSS 9.8
CVE-2018-3810 NOMISEC CRITICAL WORKING POC
Smart Google Code Inserter < 3.5 - Unauthenticated Arbitrary Code Insertion via sgcgoogleanalytic Parameter
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
CVSS 9.8
CVE-2018-3811 NOMISEC CRITICAL WORKING POC
Smart Google Code Inserter < 3.5 - Unauthenticated SQL Injection via oId Parameter
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
CVSS 9.8
CVE-2018-7600 NOMISEC CRITICAL WRITEUP
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8
CVE-2018-9206 NOMISEC CRITICAL WRITEUP
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS 9.8
CVE-2018-9207 NOMISEC CRITICAL WORKING POC
jQuery Upload File <= 4.0.2 - Arbitrary File Upload
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVSS 9.8
CVE-2018-9208 NOMISEC CRITICAL WORKING POC
jQuery Picture Cut <= 1.1Beta - Unauthenticated Arbitrary File Upload
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
CVSS 9.8
CVE-2016-7434 NOMISEC HIGH WORKING POC
NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVSS 7.5
CVE-2016-6515 NOMISEC HIGH WORKING POC
OpenSSH < 7.3 - Denial of Service via Long Password String
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVSS 7.5