Nomisec Exploits

22,754 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-21378 NOMISEC HIGH
Microsoft Outlook - Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
by d0rb
9 stars
CVSS 8.8
CVE-2023-30943 NOMISEC MEDIUM
Moodle 4.1.0-4.1.2 - Unauthenticated Arbitrary Folder Creation via TinyMCE Loader
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
by d0rb
18 stars
CVSS 6.5
CVE-2023-38545 NOMISEC CRITICAL
libcurl 7.69.0-8.4.0 - Heap-Based Buffer Overflow in SOCKS5 Proxy Handshake
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
by d0rb
22 stars
CVSS 9.8
CVE-2023-36874 NOMISEC HIGH
Windows Error Reporting Service - Privilege Escalation
Windows Error Reporting Service Elevation of Privilege Vulnerability
by d0rb
77 stars
CVSS 7.8
CVE-2024-25153 NOMISEC CRITICAL
FileCatalyst Workflow Web Portal - Path Traversal
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
by nettitude
42 stars
CVSS 9.8
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by yoryio
5 stars
CVSS 9.8
CVE-2024-21413 NOMISEC CRITICAL
Microsoft 365 Apps and Office 2016-2019 - Remote Code Execution via Moniker Link
Microsoft Outlook Remote Code Execution Vulnerability
by CMNatic
217 stars
CVSS 9.8
CVE-2024-28715 NOMISEC HIGH
DOraCMS < 2.18 - Cross-Site Scripting via markdown0 Function
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.
by Lq0ne
CVSS 8.8
CVE-2023-29478 NOMISEC CRITICAL
BiblioCraft < 2.4.6 - Path Traversal and Remote Code Execution via Filename Sanitization Bypass
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.
by Exopteron
14 stars
CVSS 9.8
CVE-2019-14678 NOMISEC CRITICAL
SAS XML Mapper 9.45 - XML External Entity Injection
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
by mbadanoiu
CVSS 10.0
CVE-2024-20696 NOMISEC HIGH
Microsoft Windows libarchive - Remote Code Execution
Windows libarchive Remote Code Execution Vulnerability
by clearbluejar
8 stars
CVSS 7.3
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by eurogig
CVSS 10.0
CVE-2023-49070 NOMISEC CRITICAL
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
by D0g3-8Bit
18 stars
CVSS 9.8
CVE-2024-28741 NOMISEC HIGH
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
by chebuya
5 stars
CVSS 8.8
CVE-2024-27665 NOMISEC MEDIUM
Unifiedtransform v2.X - Stored Cross-Site Scripting via Syllabus Module File Upload
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
by Thirukrishnan
CVSS 5.4
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by W01fh4cker
155 stars
CVSS 9.8
CVE-2024-26475 NOMISEC MEDIUM
radare2 0.9.7-5.8.6 - Denial of Service via grub_sfs_read_extent Function
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
by TronciuVlad
1 stars
CVSS 5.5
CVE-2018-15133 NOMISEC HIGH
Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
by kozmic
259 stars
CVSS 8.1
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by rampantspark
CVSS 9.8
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by K3ysTr0K3R
6 stars
CVSS 9.8
CVE-2023-1498 NOMISEC MEDIUM
Responsive Hotel Site 1.0 - SQL Injection
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability.
by Decemberus
2 stars
CVSS 6.3
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by CharonDefalt
1 stars
CVSS 9.8
CVE-2023-3047 NOMISEC CRITICAL
TMT Lockcell < 15.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.
by Kimsovannareth
2 stars
CVSS 9.8
CVE-2023-41993 NOMISEC HIGH
iPadOS < 17.0.1 - Remote Code Execution via Web Content Processing
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
by po6ix
200 stars
CVSS 8.8
CVE-2024-27198 NOMISEC CRITICAL
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
by passwa11
3 stars
CVSS 9.8