Nomisec Exploits
22,697 exploits tracked across all sources.
Codezips Hospital Appointment System 1.0 - SQL Injection via Username Parameter in /loginAction.php
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by g-u-i-d
CVSS 7.3
Swoop 1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
by RandomRobbieBF
CVSS 9.8
Tareq Hasan Meetup <= 0.1 - Privilege Escalation via Authorization Bypass
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.
by RandomRobbieBF
Sourcecodester Cab Management System 1.0 - Authenticated Stored Cross-Site Scripting via User Name Fields
A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last Name" fields.
by vighneshnair7
CVSS 5.4
Sourcecodester Toll Tax Management System 1.0 - Authenticated Stored Cross-Site Scripting via Owner Input Field
A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.
by Shree-Chandragiri
CVSS 5.4
WatchTowerHQ <= 3.10.1 - Unauthenticated Authentication Bypass via Empty OTA Token
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
by RandomRobbieBF
CVSS 9.8
Sourcecodester Cab Management System 1.0 - SQL Injection via id Parameter
A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database.
by vighneshnair7
CVSS 6.5
Apache ActiveMQ <5.13.0 - RCE
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
by guigui237
CVSS 9.8
Pure-FTPd < 1.0.52 - Buffer Overflow
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
by rohilchaudhry
Wux Blog Editor <3.0.0 - File Upload
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
by RandomRobbieBF
Chetan Khandla Woocommerce Product Design <1.0.0 - Code Injection
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
by RandomRobbieBF
CVSS 10.0
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
by nitzanoligo
CVSS 10.0
Udit Rawat Exam Matrix <1.5 - Privilege Escalation
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.
by RandomRobbieBF
CVSS 9.8
PegaPoll <= 1.0.2 - Missing Authorization
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2.
by RandomRobbieBF
CVSS 9.8
pfSense < 2.7.0 & pfSense Plus < 23.05.1 - RCE via interfaces_gif_edit.php & interfaces_gre_edit.php
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
by bl4ckarch
Import XML and RSS Feeds WordPress Plugin < 2.1.4 - PHP File Upload Code Execution
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
by bde574786
CVSS 7.2
Magisk App < canary 27007 - Privilege Escalation
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation.
by canyie
WP Query Console <= 1.0 - Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
by RandomRobbieBF
CVE-2015-3239
NOMISEC
libunwind 1.1 - Off-by-One Error in dwarf_to_unw_regnum
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
by RenukaSelvar
CVE-2015-3239
NOMISEC
libunwind 1.1 - Off-by-One Error in dwarf_to_unw_regnum
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
by RenukaSelvar
CVE-2015-3239
NOMISEC
libunwind 1.1 - Off-by-One Error in dwarf_to_unw_regnum
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
by RenukaSelvar
Scott Gamon Signup Page <1.0 - Privilege Escalation
Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0.
by RandomRobbieBF
CVSS 9.8
GRÜN spendino Spendenformular <1.0.1 - Privilege Escalation
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1.
by RandomRobbieBF
CVSS 9.8
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
by Diego-AltF4
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by ahmetramazank
CVSS 9.8
By Source