Nomisec Exploits

22,670 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-2414 NOMISEC HIGH
Dogtag PKI - XML External Entity File Disclosure via Crafted HTTP Request
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
by amitlttwo
10 stars
CVSS 7.5
CVE-2022-26134 NOMISEC CRITICAL
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
by Khalidhaimur
CVSS 9.8
CVE-2022-21449 NOMISEC HIGH
Azul Zulu - Unauthenticated Data Manipulation via Multiple Protocols
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
by HeyMrSalt
1 stars
CVSS 7.5
CVE-2023-26326 NOMISEC CRITICAL
BuddyForms <2.7.8 - Insecure Deserialization
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
by mesudmammad1
CVSS 9.8
CVE-2024-21409 NOMISEC HIGH
.NET Framework and .NET 6.0.0-6.0.28 - Remote Code Execution via Use-After-Free
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
by vkairy
1 stars
CVSS 7.3
CVE-2024-23666 NOMISEC HIGH
Fortinet FortiAnalyzer-BigData <7.4.1 - Info Disclosure
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
by synacktiv
6 stars
CVSS 7.5
CVE-2023-42791 NOMISEC HIGH
Fortinet FortiManager Path Traversal via Crafted HTTP Requests
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
by synacktiv
6 stars
CVSS 8.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by ravi5hanka
CVSS 7.5
CVE-2019-16278 NOMISEC CRITICAL
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by CybermonkX
CVSS 9.8
CVE-2024-8743 NOMISEC MEDIUM
Bit File Manager < 6.5.7 - Authenticated Limited JavaScript File Upload via Improper File Type Validation
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.
by siunam321
2 stars
CVSS 6.8
CVE-2024-7627 NOMISEC HIGH
Bit File Manager 6.0-6.5.5 - Unauthenticated Remote Code Execution via Temporary File Race Condition
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.
by siunam321
6 stars
CVSS 8.1
CVE-2022-39275 NOMISEC MEDIUM
Saleor 2.0.0-3.1.24 - Authenticated Information Exposure via GraphQL Mutation ID Type Validation Bypass
Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input which allowed to access database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following information: Estimating database row counts from tables with a sequential primary key or Exposing staff user and customer email addresses and full name through the `assignNavigation()` mutation. This issue has been patched in main and backported to multiple releases (3.7.17, 3.6.18, 3.5.23, 3.4.24, 3.3.26, 3.2.14, 3.1.24). Users are advised to upgrade. There are no known workarounds for this issue.
by omar2535
CVSS 5.3
CVE-2024-29943 NOMISEC CRITICAL
Firefox < 124.0.1 - Memory Corruption
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
by bjrjk
95 stars
CVSS 9.8
CVE-2024-8381 NOMISEC CRITICAL
Firefox < 130 and Firefox ESR < 115.15 - Type Confusion via 'with' Environment Property Lookup
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
by bjrjk
15 stars
CVSS 9.8
CVE-2022-4262 NOMISEC HIGH
Google Chrome < 108.0.5359.94 - Type Confusion in V8 via Crafted HTML Page
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by bjrjk
106 stars
CVSS 8.8
CVE-2024-42009 NOMISEC CRITICAL
Roundcube Webmail <= 1.5.7 and 1.6.x <= 1.6.7 - Cross-Site Scripting via Desanitization in message_body()
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
by 0xbassiouny1337
4 stars
CVSS 9.3
CVE-2020-29607 NOMISEC HIGH
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
by Alienfader
CVSS 7.2
CVE-2024-53704 NOMISEC CRITICAL
SonicOS >=7.1.1-7040 <7.1.1-7058 - Unauthenticated Authentication Bypass via SSLVPN
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
by istagmbh
2 stars
CVSS 9.8
CVE-2019-12102 NOMISEC CRITICAL
Kentico Xperience 11.0.0-12.0 - Unauthenticated Arbitrary File Upload and Exposure via Media Library Live Selector
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information
by Egi08
CVSS 9.1
CVE-2021-3156 NOMISEC HIGH
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by czeti
CVSS 7.8
CVE-2021-3156 NOMISEC HIGH
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by ten-ops
CVSS 7.8
CVE-2021-26084 NOMISEC CRITICAL
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
by hev0x
315 stars
CVSS 9.8
CVE-2020-9529 NOMISEC CRITICAL
Shenzhen Hichip Vision Technology Firmware < 2020-06-29 - Privilege Escalation via Administrator Password Reset
Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator password. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.
by prisect
CVSS 9.8
CVE-2019-5420 NOMISEC CRITICAL
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
by WildWestCyberSecurity
1 stars
CVSS 9.8
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by Mahamedm
7 stars
CVSS 8.1