Nomisec Exploits

22,746 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-21345 NOMISEC HIGH
Windows Server 2022 23H2 < 10.0.25398.709 - Heap-based Buffer Overflow
Windows Kernel Elevation of Privilege Vulnerability
by exploits-forsale
77 stars
CVSS 8.8
CVE-2024-30973 NOMISEC HIGH
V-SOL G/EPON ONU HG323AC-B V2.0.08-210715 - RCE
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc.
by Athos-Zago
CVSS 8.8
CVE-2015-20107 NOMISEC HIGH
Python < 3.7.15 - Command Injection via mailcap Module
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
by codeskipper
CVSS 7.6
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by thinkycx
CVSS 10.0
CVE-2024-3400 NOMISEC CRITICAL
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
by MurrayR0123
CVSS 10.0
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by christophetd
1,139 stars
CVSS 10.0
CVE-2023-43364 NOMISEC CRITICAL
searchor < 2.4.2 - Remote Code Execution via CLI Input
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
by libertycityhacker
CVSS 9.8
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by minhbao15677
CVSS 9.8
CVE-2018-20250 NOMISEC HIGH
WinRAR <= 5.61 - Path Traversal and Remote Code Execution via ACE Filename Field
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
by LamSonBinh
CVSS 7.8
CVE-2019-10760 NOMISEC CRITICAL
safer-eval < 1.3.2 - Arbitrary Code Execution via Constructor Properties
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
by lirantal
CVSS 9.9
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by AlissonFaoli
1 stars
CVSS 5.3
CVE-2024-3400 NOMISEC CRITICAL
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
by terminalJunki3
CVSS 10.0
CVE-2024-3400 NOMISEC CRITICAL
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
by 0xr2r
6 stars
CVSS 10.0
CVE-2024-2876 NOMISEC CRITICAL
Wordpress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by c0d3zilla
6 stars
CVSS 9.8
CVE-2024-1441 NOMISEC MEDIUM
Red Hat Enterprise Linux 9 - Denial of Service via udevListInterfacesByStatus Off-by-One Error
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
by almkuznetsov
CVSS 5.5
CVE-2022-35411 NOMISEC CRITICAL
rpc.py < 0.6.0 - Unauthenticated Remote Code Execution via Pickle Deserialization
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
by fuzzlove
1 stars
CVSS 9.8
CVE-2022-35411 NOMISEC CRITICAL
rpc.py < 0.6.0 - Unauthenticated Remote Code Execution via Pickle Deserialization
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
by Neo-okami
CVSS 9.8
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by W01fh4cker
42 stars
CVSS 10.0
CVE-2022-22954 NOMISEC CRITICAL
VMware Workspace ONE Access CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
by Schira4396
1,464 stars
CVSS 9.8
CVE-2021-21972 NOMISEC CRITICAL
VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
by Schira4396
1,464 stars
CVSS 9.8
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by Mufti22
CVSS 9.8
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by rbih-boulanouar
13 stars
CVSS 9.8
CVE-2024-4040 NOMISEC CRITICAL
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
by tucommenceapousser
1 stars
CVSS 9.8
CVE-2023-42793 NOMISEC CRITICAL
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by B4l3rI0n
10 stars
CVSS 9.8
CVE-2023-33733 NOMISEC HIGH
reportlab < 3.6.12 - Remote Code Execution via Crafted PDF File
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
by onion2203
1 stars
CVSS 7.8