Nomisec Exploits
21,809 exploits tracked across all sources.
Oretnom23 Customer Support System - SQL Injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
by geraldoalcantara
CVSS 8.8
Oretnom23 Book Store Management System - XSS
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter.
by geraldoalcantara
CVSS 6.1
Oretnom23 Book Store Management System - XSS
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter.
by geraldoalcantara
CVSS 6.1
request-baskets <1.2.1 - SSRF
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by KharimMchatta
Discourse < 3.1.3 - Injection
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.
by Cristiano100
CVSS 5.3
Oretnom23 School Fees Management System - XSS
A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.
by geraldoalcantara
CVSS 5.4
Oretnom23 School Fees Management System - XSS
A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
by geraldoalcantara
CVSS 4.7
Oretnom23 School Fees Management System - Incorrect Authorization
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.
by geraldoalcantara
CVSS 8.8
Customer Support System <v1 - Info Disclosure
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
by geraldoalcantara
CVSS 7.5
Oretnom23 Customer Support System - Improper Access Control
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
by geraldoalcantara
CVSS 8.8
Oretnom23 Customer Support System - XSS
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
by geraldoalcantara
CVSS 5.4
Oretnom23 Customer Support System - XSS
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
by geraldoalcantara
CVSS 6.1
Oretnom23 Customer Support System - XSS
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
by geraldoalcantara
CVSS 5.4
Oretnom23 Customer Support System - SQL Injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
by geraldoalcantara
CVSS 9.8
Oretnom23 Customer Support System - Improper Access Control
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
by geraldoalcantara
CVSS 7.5
Book Store Management System - Improper Access Control
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
by geraldoalcantara
CVSS 9.8
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by blacknbunny
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Moon1705
CVSS 5.3
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by gunzf0x
CVSS 5.3
Oretnom23 Customer Support System - SQL Injection
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php.
by geraldoalcantara
CVSS 4.9
Mayurik Best Student Result Management System - Missing Authorization
A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
by geraldoalcantara
CVSS 7.5
Fortinet Fortios < 5.6.10 - Hard-coded Credentials
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
by saladandonionrings
ownCloud Phpinfo Reader
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
by merlin-ke
CVSS 10.0
Nginx <1.14 - Info Disclosure
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
by coolman6942o
Tenda AC15 <V15.03.1.16_multi - RCE
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
by Scorpion-Security-Labs
CVSS 9.8
By Source