Nomisec Exploits

21,657 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by foudadev
CVE-2024-37081 NOMISEC HIGH
vCenter Sudo Privilege Escalation
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
by Mr-r00t11
58 stars
CVSS 7.8
CVE-2023-4220 NOMISEC HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
by HO4XXX
CVSS 8.1
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by dgourillon
CVSS 8.1
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by mrmtwoj
CVSS 8.1
CVE-2024-39069 NOMISEC HIGH
Ifood Order Manager <3.35.5 - Code Injection
An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack.
by AungSoePaing
CVSS 7.8
CVE-2017-15099 NOMISEC MEDIUM
Postgresql - Information Disclosure
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
by ToontjeM
CVSS 6.5
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by entroychang
3 stars
CVSS 9.8
CVE-2024-37770 NOMISEC CRITICAL
B1ackc4t 14finger - Code Injection
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
by k3ppf0r
1 stars
CVSS 9.1
CVE-2023-28252 NOMISEC HIGH
Microsoft Windows 10 1507 < 10.0.10240.19869 - Out-of-Bounds Write
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by byt3n33dl3
6 stars
CVSS 7.8
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by devarshishimpi
13 stars
CVSS 8.1
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by IamLucif3r
CVE-2022-3368 NOMISEC HIGH
Avira Security <1.1.72.30556 - Privilege Escalation
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
by byt3n33dl3
7 stars
CVSS 7.3
CVE-2023-28229 NOMISEC HIGH
Windows CNG Key Isolation Service - Privilege Escalation
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
by byt3n33dl3
5 stars
CVSS 7.0
CVE-2024-5009 NOMISEC HIGH
Progress Whatsup Gold < 23.1.3 - Improper Privilege Management
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
by sinsinology
13 stars
CVSS 8.4
CVE-2024-4885 NOMISEC CRITICAL
Progress Whatsup Gold < 23.1.3 - Path Traversal
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
by sinsinology
17 stars
CVSS 9.8
CVE-2024-4883 NOMISEC CRITICAL
Progress Whatsup Gold < 23.1.3 - Command Injection
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
by sinsinology
11 stars
CVSS 9.8
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by vkaushik-chef
CVSS 8.1
CVE-2023-4220 NOMISEC HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
by Ziad-Sakr
5 stars
CVSS 8.1
CVE-2024-34102 NOMISEC CRITICAL
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
by unknownzerobit
CVSS 9.8
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by harshinsecurity
4 stars
CVSS 8.1
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by Stuub
60 stars
CVSS 9.8
CVE-2021-36396 NOMISEC HIGH
Moodle - SSRF
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
by T0X1Cx
20 stars
CVSS 7.5
CVE-2023-26035 NOMISEC HIGH
ZoneMinder <1.36.33-1.37.33 - RCE
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
by m3m0o
CVSS 7.2
CVE-2023-38646 NOMISEC CRITICAL
Metabase <0.46.6.1-1.46.6.1 - RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by m3m0o
2 stars
CVSS 9.8
By Source
All 21,657 Writeup 60,146 Exploitdb 49,996 Nomisec 21,657 Metasploit 3,219 Github 2,561 Vulncheck_xdb 905 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,938 ruby 5,908 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 55 postscript 25 xml 24