Nomisec Exploits

22,706 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-46627 NOMISEC CRITICAL
BECN DATAGERRY v2.2 - Improper Access Control
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
by d4lyw
CVSS 9.1
CVE-2024-7593 NOMISEC CRITICAL
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
by D3N14LD15K
9 stars
CVSS 9.8
CVE-2024-28987 NOMISEC CRITICAL
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
by horizon3ai
7 stars
CVSS 9.1
CVE-2024-47066 NOMISEC CRITICAL
lobehub/lobe_chat < 1.19.13 - Server-Side Request Forgery via Redirect Bypass
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
by l8BL
3 stars
CVSS 9.0
CVE-2024-8349 NOMISEC HIGH
Uncanny Groups for LearnDash <6.1.0.1 - Privilege Escalation
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
by karlemilnikka
CVSS 7.2
CVE-2024-8484 NOMISEC HIGH
REST API TO MiniProgram < 4.7.1 - Unauthenticated SQL Injection via Order Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
1 stars
CVSS 7.5
CVE-2007-4559 NOMISEC CRITICAL
Python < 3.6.16 - Path Traversal via Tarfile Extract Functions
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
by m0d0ri205
CVSS 9.8
CVE-2024-43918 NOMISEC CRITICAL
WBW Product Table PRO < 1.9.4 - Unauthenticated SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
by KTN1990
3 stars
CVSS 10.0
CVE-2024-37084 NOMISEC CRITICAL
Spring Cloud Data Flow < 2.11.4 - Authenticated Arbitrary File Write via Skipper Server API
In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server
by Kayiyan
3 stars
CVSS 9.8
CVE-2020-27252 NOMISEC HIGH
Medtronic MyCareLink Smart 25000 - RCE
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
by OccultSlolem
CVSS 8.8
CVE-2023-4220 NOMISEC HIGH
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
by VanishedPeople
CVSS 8.1
CVE-2024-7954 NOMISEC CRITICAL
SPIP porte_plume - Unauthenticated PHP Code Execution
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
by TheCyberguy-17
5 stars
CVSS 9.8
CVE-2021-28164 NOMISEC MEDIUM
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
by jammy0903
1 stars
CVSS 5.3
CVE-2021-24959 NOMISEC HIGH
WP Email Users <1.7.6 - SQL Injection
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
by RandomRobbieBF
1 stars
CVSS 8.8
CVE-2024-46377 NOMISEC CRITICAL
Best House Rental Management System 1.0 - Arbitrary File Upload via save_settings() Function
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.
by vidura2
2 stars
CVSS 9.8
CVE-2024-46451 NOMISEC CRITICAL
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 - Buffer Overflow in setWiFiAclRules via desc Parameter
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
by vidura2
2 stars
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by ArenaldyP
CVSS 9.8
CVE-2024-46986 NOMISEC CRITICAL
Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
by vidura2
2 stars
CVSS 9.9
CVE-2014-6271 NOMISEC CRITICAL
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by J0hnTh3Kn1ght
5 stars
CVSS 9.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by btar1gan
CVSS 6.5
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by Azrenom
1 stars
CVSS 8.1
CVE-2024-3273 NOMISEC HIGH
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
by X-Projetion
CVSS 7.3
CVE-2024-42861 NOMISEC HIGH
linuxptp < 4.2 - Denial of Service via Crafted Pdelay_Req Message
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
by qiupy123
CVSS 7.5
CVE-2006-0987 NOMISEC
ISC BIND - Denial of Service via DNS Query Traffic Amplification
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
by pcastagnaro
1 stars
CVE-2023-30253 NOMISEC HIGH
Dolibarr < 17.0.1 - Authenticated Remote Code Execution via Uppercase PHP Tag Injection
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
by bluetoothStrawberry
CVSS 8.8