Nomisec Exploits

21,744 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-4559 NOMISEC CRITICAL
Python - Path Traversal
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
by luigigubello
CVSS 9.8
CVE-2018-14847 NOMISEC CRITICAL
MikroTik RouterOS <6.42 - Path Traversal
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
by K3ysTr0K3R
5 stars
CVSS 9.1
CVE-2019-0232 NOMISEC HIGH
Apache Tomcat < 7.0.93 - OS Command Injection
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
by xsxtw
CVSS 8.1
CVE-2022-26134 NOMISEC CRITICAL
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
by xsxtw
CVSS 9.8
CVE-2024-33438 NOMISEC HIGH
Cubecart < 6.5.5 - Unrestricted File Upload
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
by julio-cfa
3 stars
CVSS 8.0
CVE-2023-50685 NOMISEC HIGH
Hipcam Cameras RealServer <1.0 - DoS
An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter.
by MaximilianJungblut
17 stars
CVSS 7.5
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by jakabakos
3 stars
CVSS 9.8
CVE-2021-43217 NOMISEC HIGH
Windows EFS - RCE
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
by JolynNgSC
CVSS 8.1
CVE-2023-32749 NOMISEC HIGH
Pydio Cells < 3.0.12 - Incorrect Authorization
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
by xcr-19
CVSS 8.8
CVE-2024-33775 NOMISEC CRITICAL
Nagios XI - Improper Privilege Management
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
by Neo-XeD
CVSS 9.8
CVE-2023-38146 NOMISEC HIGH
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
by Jnnshschl
24 stars
CVSS 8.8
CVE-2019-16113 NOMISEC HIGH
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by tronghoang89
CVSS 8.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by xsxtw
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Vmware Spring Framework < 5.2.20 - Code Injection
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by xsxtw
CVSS 9.8
CVE-2017-12149 NOMISEC CRITICAL
Jboss Application Server - Code Injection
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
by JesseClarkND
CVSS 9.8
CVE-2024-1086 NOMISEC HIGH
Linux Kernel < 5.15.149 - Use After Free
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
by CCIEVoice2009
CVSS 7.8
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by dhammerg
5 stars
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by gotr00t0day
5 stars
CVSS 9.8
CVE-2018-15473 NOMISEC MEDIUM
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by epi052
111 stars
CVSS 5.3
CVE-2020-24490 NOMISEC MEDIUM
BlueZ - DoS
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
by AbrarKhan
CVSS 6.5
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP <10.7.1-11.1.0 - RCE
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by Praison001
CVSS 9.8
CVE-2020-24490 NOMISEC MEDIUM
BlueZ - DoS
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
by AbrarKhan
CVSS 6.5
CVE-2024-23334 NOMISEC MEDIUM
aiohttp - Directory Traversal
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
by brian-edgar-re
CVSS 5.9
CVE-2024-21345 NOMISEC HIGH
Microsoft Windows Server 2022 23h2 - Heap Buffer Overflow
Windows Kernel Elevation of Privilege Vulnerability
by FoxyProxys
CVSS 8.8
CVE-2019-15107 NOMISEC CRITICAL
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by aamfrk
CVSS 9.8
By Source
All 21,744 Writeup 60,208 Exploitdb 50,000 Nomisec 21,744 Metasploit 3,219 Github 2,593 Vulncheck_xdb 905 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,970 ruby 5,908 c 3,567 perl 2,849 html 2,053 php 1,326 bash 460 java 362 c++ 250 javascript 215 shell 91 go 55 postscript 25 xml 24