Nomisec Exploits

22,731 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-30270 NOMISEC MEDIUM
mailcow < 2024-04 - Authenticated Path Traversal and Arbitrary Code Execution via rspamd_maps()
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue.
by Alchemist3dot14
4 stars
CVSS 6.2
CVE-2022-1565 NOMISEC HIGH
WP All Import < 3.6.8 - Authenticated Arbitrary File Upload via wp_all_import_get_gz.php
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.
by phanthibichtram12
CVSS 7.2
CVE-2022-1329 NOMISEC HIGH
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
by phanthibichtram12
CVSS 8.8
CVE-2024-34470 NOMISEC HIGH
HSC Mailinspector <5.2.18 - Path Traversal
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
by Cappricio-Securities
2 stars
CVSS 8.6
CVE-2023-29489 NOMISEC MEDIUM
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
by Cappricio-Securities
CVSS 5.3
CVE-2019-9670 NOMISEC CRITICAL
Synacor Zimbra Collaboration Suite <8.7.11p10 - XXE
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
by Cappricio-Securities
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by p0et08
CVSS 9.8
CVE-2021-20323 NOMISEC MEDIUM
Keycloak < 17.0.0 - Reflected Cross-Site Scripting via POST Request
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
by Cappricio-Securities
2 stars
CVSS 6.1
CVE-2018-8033 NOMISEC HIGH
Apache OFBiz 16.11.01-16.11.04 - Info Disclosure
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
by Cappricio-Securities
2 stars
CVSS 7.5
CVE-2021-42063 NOMISEC MEDIUM
SAP Knowledge Warehouse 7.30-7.50 - Cross-Site Scripting
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
by Cappricio-Securities
CVSS 6.1
CVE-2024-24590 NOMISEC HIGH
Allegro AI's ClearML <1.14.2 - Code Injection
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
by junnythemarksman
1 stars
CVSS 8.0
CVE-2019-9053 NOMISEC HIGH
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by Dh4nuJ4
6 stars
CVSS 8.1
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by s1d6point7bugcrowd
CVSS 9.8
CVE-2024-34470 NOMISEC HIGH
HSC Mailinspector <5.2.18 - Path Traversal
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
by Mr-r00t11
5 stars
CVSS 8.6
CVE-2024-29275 NOMISEC CRITICAL
SeaCMS 12.9 - Unauthenticated SQL Injection via id Parameter
SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.
by Cyphercoda
4 stars
CVSS 9.8
CVE-2023-4357 NOMISEC HIGH
Google Chrome <116.0.5845.96 - Auth Bypass
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
by CamillaFranceschini
CVSS 8.8
CVE-2024-29972 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by WanLiChangChengWanLiChang
1 stars
CVSS 9.8
CVE-2019-6250 NOMISEC HIGH
libzmq 4.2.0-4.2.4 and 4.3.0 - Authenticated Integer Overflow to Remote Code Execution in v2_decoder.cpp
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
by AkashicYiTai
1 stars
CVSS 8.8
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by claranet
11 stars
CVSS 10.0
CVE-2016-2004 NOMISEC CRITICAL
HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
by marcocarolasec
CVSS 9.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by MalekAlthubiany
CVSS 7.5
CVE-2024-21762 NOMISEC CRITICAL
FortiOS/FortiProxy Out-of-bounds Write Vulnerability
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
by rdoix
1 stars
CVSS 9.8
CVE-2024-29973 NOMISEC CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by NanoWraith
10 stars
CVSS 9.8
CVE-2024-4367 NOMISEC HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
by UnHackerEnCapital
4 stars
CVSS 8.8
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by UnHackerEnCapital
4 stars
CVSS 7.8