Nomisec Exploits
21,618 exploits tracked across all sources.
Telesquare TLR-2005KSH - Remote Command Execution
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
by hack-with-rohit
Windows TCP/IP < - RCE
Windows TCP/IP Remote Code Execution Vulnerability
by FrancescoDiSalesGithub
CVSS 9.8
Windows TCP/IP < - RCE
Windows TCP/IP Remote Code Execution Vulnerability
by KernelKraze
ZoneMinder <1.36.33-1.37.33 - RCE
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
by heapbytes
Wlan Service - RCE
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
by mellow-hype
Ssssssss Spider-flow - Code Injection
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
by hack-with-rohit
CVSS 6.3
Online Complaint Site <1.0 - Privilege Escalation
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
by b1u3st0rm
CVSS 9.8
Grav CMS <1.7.45 - SSRF
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
by gunzf0x
CVSS 8.8
Nagios XI - SQL Injection
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
by MAWK0235
Thinkphp 6.1.3-8.0.4 - Code Injection
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
by fru1ts
SPIP <4.3.2-4.1.18 - Command Injection
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
by Chocapikk
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by xboxoneresearch
Exim 4.87 - 4.91 Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by qlusec
CVSS 9.8
Mikrotik Routeros < 6.49.10 - Out-of-Bounds Write
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
by diemaxxing
Litespeedtech Litespeed Cache - Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
by gbrsh
CVSS 9.8
AIMS eCrew - Auth Bypass
Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190.
by NaunetEU
CVSS 5.4
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
by AD-Appledog
CVSS 9.0
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by D0rDa4aN919
Advanced REST Client <17.0.9 - XSS
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.
by EQSTLab
CVSS 4.7
Deskfiler <1.2.3 - RCE
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
by EQSTLab
CVSS 9.8
Beekeeper Studio <4.1.13 - XSS
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
by EQSTLab
CVSS 6.1
Nteract <0.28.0 - RCE
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.
by EQSTLab
CVSS 9.8
mjml-app <3.1.0-beta - RCE
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
by EQSTLab
CVSS 9.3
Goanother Another Redis Desktop Manager < 1.6.1 - XSS
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.
by EQSTLab
CVSS 9.6
Lukasbach Yana < 1.0.16 - XSS
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
by EQSTLab
CVSS 9.6
By Source