Nomisec Exploits

22,743 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-29988 NOMISEC HIGH
SmartScreen Prompt - Privilege Escalation
SmartScreen Prompt Security Feature Bypass Vulnerability
by Sploitus
7 stars
CVSS 8.8
CVE-2024-27956 NOMISEC CRITICAL
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
by diego-tella
89 stars
CVSS 9.9
CVE-2024-28757 NOMISEC HIGH
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
by saurabh2088
CVSS 7.5
CVE-2009-3103 NOMISEC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
by sec13b
CVE-2024-28757 NOMISEC HIGH
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
by saurabh2088
CVSS 7.5
CVE-2024-28757 NOMISEC HIGH
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
by RenukaSelvar
CVSS 7.5
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by JohnDoeAnonITA
2 stars
CVSS 5.3
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by JAthulya
1 stars
CVSS 9.8
CVE-2021-4034 NOMISEC HIGH
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by supportingmx
CVSS 7.8
CVE-2007-4559 NOMISEC CRITICAL
Python < 3.6.16 - Path Traversal via Tarfile Extract Functions
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
by luigigubello
CVSS 9.8
CVE-2018-14847 NOMISEC CRITICAL
MikroTik RouterOS <6.42 - Path Traversal
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
by K3ysTr0K3R
5 stars
CVSS 9.1
CVE-2019-0232 NOMISEC HIGH
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
by xsxtw
CVSS 8.1
CVE-2022-26134 NOMISEC CRITICAL
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
by xsxtw
CVSS 9.8
CVE-2024-33438 NOMISEC HIGH
CubeCart < 6.5.5 - Authenticated Arbitrary Code Execution via PHAR File Upload
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
by julio-cfa
3 stars
CVSS 8.0
CVE-2023-50685 NOMISEC HIGH
Hipcam Cameras RealServer <1.0 - DoS
An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter.
by MaximilianJungblut
17 stars
CVSS 7.5
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by jakabakos
3 stars
CVSS 9.8
CVE-2021-43217 NOMISEC HIGH
Windows EFS - Remote Code Execution
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
by JolynNgSC
CVSS 8.1
CVE-2023-32749 NOMISEC HIGH
Pydio Cells < 3.0.12 - Unauthenticated Privilege Escalation via External User Role Assignment
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
by xcr-19
CVSS 8.8
CVE-2024-33775 NOMISEC CRITICAL
Nagios XI 2024R1.01 - Privilege Escalation via Autodiscover Dashlet
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
by Neo-XeD
CVSS 9.8
CVE-2023-38146 NOMISEC HIGH
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
by Jnnshschl
24 stars
CVSS 8.8
CVE-2019-16113 NOMISEC HIGH
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by tronghoang89
CVSS 8.8
CVE-2022-0847 NOMISEC HIGH
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by xsxtw
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by xsxtw
CVSS 9.8
CVE-2017-12149 NOMISEC CRITICAL
Jboss Application Server - Code Injection
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
by JesseClarkND
CVSS 9.8
CVE-2024-1086 NOMISEC HIGH
Linux Kernel 3.15-5.15.149 - Use-After-Free in nf_tables Component
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
by CCIEVoice2009
CVSS 7.8