Nomisec Exploits

22,691 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-25845 NOMISEC HIGH
fastjson < 1.2.83 - Deserialization of Untrusted Data via autoType Bypass
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
by ph0ebus
7 stars
CVSS 8.1
CVE-2024-11320 NOMISEC CRITICAL
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
by mhaskar
9 stars
CVSS 9.8
CVE-2019-1010174 NOMISEC CRITICAL
CImg Library <2.3.3 - Command Injection
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
by NketiahGodfred
1 stars
CVSS 9.8
CVE-2024-42327 NOMISEC CRITICAL
Zabbix 6.0.0-6.0.32 - Authenticated SQL Injection via CUser.addRelatedObjects
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
by aramosf
36 stars
CVSS 9.9
CVE-2024-36401 NOMISEC CRITICAL
Geoserver unauthenticated Remote Code Execution
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
by 0x0d3ad
2 stars
CVSS 9.8
CVE-2023-41425 NOMISEC MEDIUM
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
by 0x0d3ad
CVSS 6.1
CVE-2024-11252 NOMISEC MEDIUM
Sassy Social Share <= 3.3.69 - Unauthenticated Reflected XSS via heateor_mastodon_share
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
by reinh3rz
CVSS 6.1
CVE-2024-44285 NOMISEC HIGH
iPadOS 18.0 - Use-After-Free
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
by slds1
1 stars
CVSS 7.8
CVE-2024-5084 NOMISEC CRITICAL
Hash Form - Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload via file_upload_action Function
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
by Raeezrbr
CVSS 9.8
CVE-2024-52800 NOMISEC LOW
veraPDF-library - XML External Entity Injection via Custom Schematron Policy Check
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.
by JAckLosingHeart
CVE-2023-37250 NOMISEC HIGH
Unity Parsec < 9.0 - Privilege Escalation via TOCTOU Race Condition
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.
by ewilded
2 stars
CVSS 7.0
CVE-2022-23131 NOMISEC CRITICAL
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
by dagowda
CVSS 9.1
CVE-2024-3400 NOMISEC CRITICAL
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
by nanwinata
CVSS 10.0
CVE-2024-52301 NOMISEC HIGH
Laravel Framework < 6.20.45 - Environment Manipulation via Crafted Query String
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
by nanwinata
1 stars
CVSS 7.5
CVE-2024-52301 NOMISEC HIGH
Laravel Framework < 6.20.45 - Environment Manipulation via Crafted Query String
Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs.
by fckoo
CVSS 7.5
CVE-2024-10470 NOMISEC CRITICAL
WPLMS Learning Management System for WordPress <= 4.962 - Arbitrary File Read/Deletion via Path Validation
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.
by 0xshoriful
CVSS 9.8
CVE-2024-52380 NOMISEC CRITICAL
Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0.
by 0xshoriful
CVSS 10.0
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by thomaspatzke
93 stars
CVSS 10.0
CVE-2024-24409 NOMISEC HIGH
ManageEngine ADManager Plus <= 7203 - Privilege Escalation via Modify Computers Option
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
by passtheticket
1 stars
CVSS 8.8
CVE-2024-53617 NOMISEC MEDIUM
LibrePhotos - Cross-Site Scripting and Authorization Bypass via File Upload
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.
by ii5mai1
CVSS 4.8
CVE-2024-21683 NOMISEC HIGH
Atlassian Confluence Data Center and Server - Remote Code Execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
by r3db34rdh4x
CVSS 8.8
CVE-2024-10220 NOMISEC HIGH
Kubernetes <1.28.11, 1.29.0-1.29.6, 1.30.0-1.30.2 - Command Injection
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
by any2sec
CVSS 8.1
CVE-2024-12345 NOMISEC MEDIUM
INW Krbyyyzo 25.2002 - Resource Consumption via /gbo.aspx s Parameter
A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well.
by RoyaRadin
CVSS 4.4
CVE-2024-8069 NOMISEC HIGH
Citrix Session Recording - Privilege Escalation
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
by mdiqbalahmad
CVSS 8.0
CVE-2024-39090 NOMISEC MEDIUM
PHPGurukul Online Shopping Portal 2.0 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.
by ghostwirez
CVSS 6.1