Nomisec Exploits

22,699 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-4577 NOMISEC CRITICAL
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by longhoangth18
5 stars
CVSS 9.8
CVE-2024-46532 NOMISEC CRITICAL
OpenHIS 1.0 - SQL Injection via PayController Refund Function
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
by KamenRiderDarker
CVSS 9.8
CVE-2024-43965 NOMISEC HIGH
Smackcoders SendGrid for WordPress <= 1.4 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
by RandomRobbieBF
1 stars
CVSS 8.2
CVE-2023-27372 NOMISEC CRITICAL
SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by nuts7
67 stars
CVSS 9.8
CVE-2024-35250 NOMISEC HIGH
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
by CrackerCat
8 stars
CVSS 7.8
CVE-2023-46022 NOMISEC HIGH
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter.
by ersinerenler
CVSS 7.8
CVE-2020-15916 NOMISEC CRITICAL
Tenda AC15 AC1900 15.03.05.19 - OS Command Injection via lanIp Parameter
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
by geniuszly
3 stars
CVSS 9.8
CVE-2024-26229 NOMISEC HIGH
Windows CSC Service - Elevation of Privilege via Heap-based Buffer Overflow
Windows CSC Service Elevation of Privilege Vulnerability
by mqxmm
CVSS 7.8
CVE-2023-52268 NOMISEC CRITICAL
FreeScout End-User Portal <1.0.65 - Auth Bypass
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.
by squ1dw3rm
CVSS 9.1
CVE-2024-8529 NOMISEC CRITICAL
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
2 stars
CVSS 10.0
CVE-2024-9822 NOMISEC CRITICAL
Pedalo Connector <= 2.0.5 - Unauthenticated Authentication Bypass via login_admin_user Function
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
by RandomRobbieBF
1 stars
CVSS 9.8
CVE-2024-3656 NOMISEC HIGH
Keycloak < 24.0.5 - Authenticated Privilege Escalation via Admin REST API Endpoints
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
by h4x0r-dz
28 stars
CVSS 8.1
CVE-2021-40539 NOMISEC CRITICAL
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
by lpyzds
CVSS 9.8
CVE-2020-15368 NOMISEC MEDIUM
ASRock RGB Driver - Memory Corruption
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
by R7flex
9 stars
CVSS 5.5
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by h21n
CVSS 9.8
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by intel365
CVSS 9.8
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by kernel364
CVSS 9.8
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by voidbroker
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by h21n
2 stars
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by intel365
2 stars
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by kernel364
2 stars
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by voidbroker
CVSS 9.8
CVE-2016-5195 NOMISEC HIGH
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by talsim
4 stars
CVSS 7.0
CVE-2024-9570 NOMISEC HIGH
D-Link DIR-619L B1 2.06 - Buffer Overflow via formEasySetTimezone curTime Argument
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by dylvie
6 stars
CVSS 8.8
CVE-2024-23113 NOMISEC CRITICAL
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
by CheckCve2
1 stars
CVSS 9.8