Nomisec Exploits

22,699 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-23113 NOMISEC CRITICAL
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
by p33d
10 stars
CVSS 9.8
CVE-2022-23808 NOMISEC MEDIUM
phpMyAdmin 5.1.0-5.1.1 - Cross-Site Scripting in Setup Script
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
by dipakpanchal05
115 stars
CVSS 6.1
CVE-2024-39205 NOMISEC CRITICAL
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
by Marven11
17 stars
CVSS 9.8
CVE-2019-14287 NOMISEC HIGH
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
by lemonadern
CVSS 8.8
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by vulncheck-oss
5 stars
CVSS 9.8
CVE-2019-20085 NOMISEC HIGH
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by AleDiBen
6 stars
CVSS 7.5
CVE-2024-10410 NOMISEC MEDIUM
Online Hotel Reservation System 1.0 - Unrestricted File Upload via Image Parameter in Room Add Function
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by K1nakoo
CVSS 6.3
CVE-2022-23131 NOMISEC CRITICAL
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
by davidzzo23
3 stars
CVSS 9.1
CVE-2022-22954 NOMISEC CRITICAL
VMware Workspace ONE Access CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
by corelight
1 stars
CVSS 9.8
CVE-2024-48392 NOMISEC MEDIUM
OrangeScrum 2.0.11 - Stored Cross-Site Scripting via User Email Input
OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.
by Renzusclarke
CVSS 5.4
CVE-2021-3831 NOMISEC MEDIUM
gnuboard5 < 5.4.20 - Cross-Site Scripting
gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
by aratane
CVSS 6.1
CVE-2022-41082 NOMISEC HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Server Remote Code Execution Vulnerability
by soltanali0
3 stars
CVSS 8.0
CVE-2024-24725 NOMISEC HIGH
Gibbon < 26.0.00 - Authenticated PHP Deserialization via columnOrder Parameter
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
by MelkorW
1 stars
CVSS 8.8
CVE-2024-48427 NOMISEC HIGH
Sourcecodester Packers and Movers Management System 1.0 - Authenticated SQL Injection via id Parameter
A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id
by vighneshnair7
1 stars
CVSS 8.8
CVE-2024-37383 NOMISEC MEDIUM
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - Cross-Site Scripting via SVG Animate Attributes
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
by bartfroklage
5 stars
CVSS 6.1
CVE-2023-22098 NOMISEC HIGH
Oracle VM VirtualBox <7.0.12 - Privilege Escalation
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
by Diego-AltF4
10 stars
CVSS 8.2
CVE-2024-10355 NOMISEC MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/invoice.php id Parameter
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by K1nakoo
CVSS 4.7
CVE-2024-10354 NOMISEC MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/print.php id Parameter
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by K1nakoo
CVSS 4.7
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by rahisec
CVSS 9.8
CVE-2023-4220 NOMISEC HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
by bueno-armando
CVSS 8.1
CVE-2024-22243 NOMISEC HIGH
UriComponentsBuilder - Open Redirect
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.
by SeanPesce
9 stars
CVSS 8.1
CVE-2011-2523 NOMISEC CRITICAL
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by vaishnavucv
CVSS 9.8
CVE-2024-9264 NOMISEC CRITICAL
Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
by z3k0sec
39 stars
CVSS 9.9
CVE-2023-21987 NOMISEC HIGH
Oracle VM VirtualBox <6.1.44-7.0.8 - Privilege Escalation
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
by chunzhennn
1 stars
CVSS 7.8
CVE-2024-48914 NOMISEC CRITICAL
Vendure asset-server-plugin < 2.3.3 and 3.0.0-3.0.5 - Path Traversal and Denial of Service via Malformed URI
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`.
by EQSTLab
5 stars
CVSS 9.1