Nomisec Exploits

22,710 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by Faizan-Khanx
1 stars
CVSS 9.8
CVE-2024-43998 NOMISEC MEDIUM
WebsiteinWP Blogpoet <= 1.0.3 - Missing Authorization
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
by RandomRobbieBF
1 stars
CVSS 6.5
CVE-2024-44867 NOMISEC HIGH
phpok v3.0 - Path Traversal and Arbitrary File Read via /autoload/file.php
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
by ChengZyin
2 stars
CVSS 7.5
CVE-2024-4577 NOMISEC CRITICAL
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by aavamin
5 stars
CVSS 9.8
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by ShieldAuth-PHP
CVSS 9.8
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by lisu60
CVSS 7.8
CVE-2024-7856 NOMISEC HIGH
MP3 Audio Player by Sonaar <= 5.7.0.1 - Arbitrary File Deletion via removeTempFiles
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.
by l8BL
1 stars
CVSS 8.1
CVE-2024-44815 NOMISEC MEDIUM
Hathway Skyworth Router CM5100 <4.1.1.24 - Info Disclosure
Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
by nitinronge91
CVSS 4.6
CVE-2024-28000 NOMISEC CRITICAL
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
by SSSSuperX
1 stars
CVSS 9.8
CVE-2022-0944 NOMISEC HIGH
sqlpad < 6.10.1 - Remote Code Execution via Template Injection in Connection Test Endpoint
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
by shhrew
7 stars
CVSS 7.2
CVE-2024-45058 NOMISEC HIGH
i-Educar <2.9 - Privilege Escalation
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
by 0xbhsu
CVSS 8.1
CVE-2024-6386 NOMISEC CRITICAL
WPML < 4.6.13 - Authenticated Remote Code Execution via Twig Server-Side Template Injection
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
by argendo
5 stars
CVSS 9.9
CVE-2024-31777 NOMISEC CRITICAL
openeclass < 3.15 - Remote Code Execution via certbadge.php File Upload
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.
by FreySolarEye
1 stars
CVSS 9.8
CVE-2024-23334 NOMISEC MEDIUM
aiohttp - Directory Traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
by s4botai
4 stars
CVSS 5.9
CVE-2024-29269 NOMISEC HIGH
Telesquare TLR-2005KSH - Remote Command Execution
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
by hack-with-rohit
5 stars
CVSS 8.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by FrancescoDiSalesGithub
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
by KernelKraze
9 stars
CVSS 9.8
CVE-2023-26035 NOMISEC HIGH
ZoneMinder < 1.36.33 - Unauthenticated Remote Code Execution via Snapshot Action
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
by heapbytes
7 stars
CVSS 7.2
CVE-2024-20017 NOMISEC CRITICAL
MediaTek WLAN Service - Zero-Click Remote Code Execution
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
by mellow-hype
140 stars
CVSS 9.8
CVE-2024-0195 NOMISEC MEDIUM
spider-flow 0.4.3 - Remote Code Execution via FunctionService.saveFunction
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
by hack-with-rohit
CVSS 6.3
CVE-2024-44812 NOMISEC CRITICAL
Online Complaint Site <1.0 - Privilege Escalation
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
by b1u3st0rm
CVSS 9.8
CVE-2024-28116 NOMISEC HIGH
Grav < 1.7.45 - Authenticated Server-Side Template Injection
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
by gunzf0x
CVSS 8.8
CVE-2024-24401 NOMISEC CRITICAL
Nagios XI 2024R1.01 - SQL Injection via monitoringwizard.php
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
by MAWK0235
36 stars
CVSS 9.8
CVE-2024-44902 NOMISEC CRITICAL
Thinkphp 6.1.3-8.0.4 - Code Injection
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
by fru1ts
7 stars
CVSS 9.8
CVE-2024-8517 NOMISEC CRITICAL
SPIP <4.3.2-4.1.18 - Command Injection
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
by Chocapikk
16 stars
CVSS 9.8