Nomisec Exploits
22,684 exploits tracked across all sources.
Zenitel AlphaWeb XE v11.2.3.10 - Path Traversal
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
by s4fv4n
CVSS 5.5
nssTheme Wp NssUser Register <1.0.0 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
by Nxploited
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by jip-0-0-0-0-0
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
by arsolutioner
Microsoft Configuration Manager 2403, 2409, 2503 - Remote Code Execution
Microsoft Configuration Manager Remote Code Execution Vulnerability
by synacktiv
FortiProxy 7.0.0-7.0.19 and 7.2.0-7.2.12 - Authentication Bypass via Node.js Websocket Module
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
by watchtowrlabs
Process Maker pm4core-docker <4.1.21-RC7 - XSS
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
by code5ecure
CVSS 4.8
Exhibitor Web UI <1.7.1 - Command Injection
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.
by yZee00
CVSS 9.8
Indico < 3.3.5 - Information Disclosure via /api/principals
A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).
by cetinpy
OpenSSH 9.1 - Unauthenticated Double Free in KEX Algorithms Handling
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
by mrmtwoj
StoreApps Smart Manager <8.52.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection.This issue affects Smart Manager: from n/a through <= 8.52.0.
by DoTTak
Microsoft Purview - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
by Pauloxc6
SourceCodester Packers and Movers Management System 1.0 - Cross-Site Request Forgery in Users.php
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
by HackWidMaddy
CVSS 4.5
Concrete CMS 9.0.0-9.2.4 - Stored Cross-Site Scripting via Role Name Field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.
by Nxploited
CVSS 2.0
NitroPack <1.17.0 - Info Disclosure
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.
by RandomRobbieBF
CVSS 8.1
Phiewer 4.1.0 - Untrusted Search Path Leading to Command Execution via Dylib Injection
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data.
by SyFi
CVSS 3.3
SEO Plugin by Squirrly SEO <= 12.4.03 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03.
by DoTTak
Windows LDAP - Remote Code Execution via Integer Overflow
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
by bo0l3an
D-Link DWR-M972V 1.05SSG - Unauthenticated Remote Code Execution via SSH Root Access
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions
by CRUNZEX
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
by UNICORDev
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
by 0xROOTPLS
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by elit3pwner
Microsoft Exchange Server - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by truongtn
TUBITAK BILGEM Pardus OS My Computer <0.7.2 - Code Injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My Computer: before 0.7.2.
by osmancanvural
CVSS 3.9
Microsoft 365 Apps and Office - Exposure of Sensitive Information via Spoofing
Microsoft Office Spoofing Vulnerability
by passtheticket
By Source