Nomisec Exploits

22,699 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-9264 NOMISEC CRITICAL
Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
by punitdarji
CVSS 9.9
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by Cythonic1
CVSS 9.8
CVE-2024-35250 NOMISEC HIGH
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
by ro0tmylove
15 stars
CVSS 7.8
CVE-2024-23334 NOMISEC MEDIUM
aiohttp - Directory Traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
by wizarddos
4 stars
CVSS 5.9
CVE-2024-10140 NOMISEC MEDIUM
Pharmacy Management System 1.0 - SQL Injection
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by holypryx
2 stars
CVSS 6.3
CVE-2024-6778 NOMISEC HIGH
Google Chrome <126.0.6478.182 - RCE
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
by r00tjunip3r1
6 stars
CVSS 7.5
CVE-2024-9264 NOMISEC CRITICAL
Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
by z3k0sec
7 stars
CVSS 9.9
CVE-2023-46747 NOMISEC CRITICAL
F5 BIG-IP 13.1.0-13.1.4 - Unauthenticated Remote Command Execution via Configuration Utility Bypass
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by W01fh4cker
206 stars
CVSS 9.8
CVE-2021-32708 NOMISEC CRITICAL
Flysystem 1.0.0-1.1.3 - Remote Code Execution via Unicode Whitespace in File Extension
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
by fazilbaig1
1 stars
CVSS 9.8
CVE-2021-23383 NOMISEC MEDIUM
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
by fazilbaig1
1 stars
CVSS 5.6
CVE-2021-23369 NOMISEC MEDIUM
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
by fazilbaig1
1 stars
CVSS 5.6
CVE-2019-19919 NOMISEC CRITICAL
handlebars.js - Prototype Pollution leading to Remote Code Execution
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
by fazilbaig1
4 stars
CVSS 9.8
CVE-2024-48652 NOMISEC MEDIUM
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
by paragbagul111
CVSS 4.8
CVE-2024-9466 NOMISEC MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated Sensitive Information Disclosure in Log Files
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
by holypryx
1 stars
CVSS 6.5
CVE-2024-47176 NOMISEC MEDIUM
OpenPrinting cups-browsed - Attacker-Controlled IPP Request Server-Side Request Forgery
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
by 0x7556
CVSS 5.3
CVE-2024-48415 NOMISEC MEDIUM
Loan Management System 1.0 - Stored Cross-Site Scripting via New Borrower Parameters
itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.
by khaliquesX
CVSS 5.0
CVE-2024-6387 NOMISEC HIGH
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by l-urk
10 stars
CVSS 8.1
CVE-2024-33231 NOMISEC MEDIUM
Ferozo Email 1.1 - Cross-Site Scripting via PDF Preview Component
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
by fdzdev
1 stars
CVSS 5.4
CVE-2020-35575 NOMISEC CRITICAL
TP-Link WA901ND <3.16.9(201211) beta - Info Disclosure
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
by dylvie
1 stars
CVSS 9.8
CVE-2024-44133 NOMISEC MEDIUM
macOS Sequoia - Privilege Escalation
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
by yo-yo-yo-jbo
9 stars
CVSS 5.5
CVE-2024-9796 NOMISEC CRITICAL
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
by RandomRobbieBF
2 stars
CVSS 9.8
CVE-2024-46483 NOMISEC CRITICAL
Xlight FTP Server <3.9.4.3 - Buffer Overflow
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.
by kn32
12 stars
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by thanawee321
3 stars
CVSS 9.8
CVE-2024-35133 NOMISEC MEDIUM
IBM Security Verify Access 10.0.0-10.0.8 - Authenticated Open Redirect via OIDC Provider
IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
by Ozozuz
CVSS 6.8
CVE-2024-9593 NOMISEC HIGH
Time Clock and Time Clock Pro <= 1.2.2 - Unauthenticated Remote Code Execution via etimeclockwp_load_function_callback
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
by RandomRobbieBF
7 stars
CVSS 8.3