Nomisec Exploits

22,691 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-4944 NOMISEC MEDIUM
kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
by brosck
2 stars
CVSS 4.3
CVE-2006-3392 NOMISEC
Usermin < 1.220 - Arbitrary File Read via Path Traversal with URL-Encoded Bypass
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
by brosck
3 stars
CVE-2024-35286 NOMISEC CRITICAL
Mitel MiCollab < 9.8.0.33 - Unauthenticated SQL Injection in NuPoint Messenger
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.
by lu4m575
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by fredagsguf
CVSS 9.8
CVE-2023-27350 NOMISEC CRITICAL
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by imancybersecurity
12 stars
CVSS 9.8
CVE-2024-42327 NOMISEC CRITICAL
Zabbix 6.0.0-6.0.32 - Authenticated SQL Injection via CUser.addRelatedObjects
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
by depers-rus
3 stars
CVSS 9.9
CVE-2024-10516 NOMISEC HIGH
Swift Performance Lite <2.3.7.1 - Local PHP File Inclusion
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
by RandomRobbieBF
CVSS 8.1
CVE-2024-54679 NOMISEC MEDIUM
CyberPanel < 2.3.7 - Missing Authorization for MySQL Restart Action
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
by hotplugin0x01
3 stars
CVSS 4.3
CVE-2024-47062 NOMISEC HIGH
Navidrome - ORM Leak, SQL Injection
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by saisathvik1
CVSS 8.8
CVE-2024-48705 NOMISEC MEDIUM
Wavlink AC1200 M32A3_V1410_230602 and M32A3_V1410_240222 - Authenticated Command Injection via newpass Field in adm.cgi
Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field
by L41KAA
2 stars
CVSS 6.5
CVE-2024-42448 NOMISEC CRITICAL
Veeam Service Provider Console 8.1 - Management Agent Remote Code Execution
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
by h3lye
CVSS 9.9
CVE-2023-4220 NOMISEC HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
by Pr1or95
1 stars
CVSS 8.1
CVE-2023-50387 NOMISEC HIGH
Redhat Enterprise Linux < 2.90 - Resource Allocation Without Limits
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
by Pablodiz
CVSS 7.5
CVE-2022-26318 NOMISEC CRITICAL
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
by egilas
CVSS 9.8
CVE-2024-21413 NOMISEC CRITICAL
Microsoft 365 Apps and Office 2016-2019 - Remote Code Execution via Moniker Link
Microsoft Outlook Remote Code Execution Vulnerability
by D1se0
4 stars
CVSS 9.8
CVE-2024-11643 NOMISEC HIGH
WordPress AllAccessible <1.3.4 - Privilege Escalation
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
by RandomRobbieBF
CVSS 8.8
CVE-2024-41713 NOMISEC CRITICAL
Mitel MiCollab < 9.8.1.201 - Unauthenticated Path Traversal in NuPoint Unified Messaging
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
by watchtowrlabs
19 stars
CVSS 9.1
CVE-2024-31317 NOMISEC HIGH
Android - Local Privilege Escalation via Unsafe Deserialization in ZygoteProcess.java
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
by fuhei
64 stars
CVSS 7.8
CVE-2021-3129 NOMISEC CRITICAL
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
by Prabesh01
CVSS 9.8
CVE-2024-32002 NOMISEC CRITICAL
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
by Julian-gmz
CVSS 9.0
CVE-2024-46538 NOMISEC MEDIUM
pfSense 2.5.2 - Stored Cross-Site Scripting via $pconfig Variable in interfaces_groups_edit.php
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
by LauLeysen
4 stars
CVSS 4.8
CVE-2024-34102 NOMISEC CRITICAL
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
by wubinworks
CVSS 9.8
CVE-2018-25031 NOMISEC MEDIUM
Swagger UI < 4.1.3 - Server-Side Request Forgery via OpenAPI Definition URL
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
by mathis2001
3 stars
CVSS 4.3
CVE-2023-32784 NOMISEC HIGH
KeePass 2.00-2.53 - Cleartext Master Password Exposure via Memory Dump
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
by dev0558
CVSS 7.5
CVE-2022-1386 NOMISEC CRITICAL
Fusion Builder < 3.6.2 - Server-Side Request Forgery via Unvalidated Form Parameter
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
by kreeksec
CVSS 9.8