Nomisec Exploits

22,766 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-1000027 NOMISEC CRITICAL
Pivotal Spring Framework <5.3.16 - RCE
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
by yihtserns
CVSS 9.8
CVE-2023-35080 NOMISEC HIGH
Ivanti Secure Access Client < 22.6 - Incorrect Default Permissions
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
by HopHouse
1 stars
CVSS 7.8
CVE-2024-24816 NOMISEC MEDIUM
CKEditor4 < 4.24.0-lts - Cross-Site Scripting via Preview Feature
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.
by afine-com
2 stars
CVSS 6.1
CVE-2019-5029 NOMISEC CRITICAL
Exhibitor Web UI <1.7.1 - Command Injection
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.
by thehunt1s0n
4 stars
CVSS 9.8
CVE-2023-0099 NOMISEC MEDIUM
Simple URLs < 115 - Reflected Cross-Site Scripting
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
by amirzargham
6 stars
CVSS 6.1
CVE-2022-30190 NOMISEC HIGH
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
by AbdulRKB
5 stars
CVSS 7.8
CVE-2024-22024 NOMISEC HIGH
Ivanti Connect Secure - XXE
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
by 0dteam
30 stars
CVSS 8.3
CVE-2024-23897 NOMISEC CRITICAL
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by Praison001
3 stars
CVSS 9.8
CVE-2018-9995 NOMISEC CRITICAL
TBK DVR4104 and DVR4216 - Unauthenticated Authentication Bypass via Cookie Header
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by arminarab1999
CVSS 9.8
CVE-2022-42889 NOMISEC CRITICAL
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
by joshbnewton31080
CVSS 9.8
CVE-2021-32789 NOMISEC HIGH
WooCommerce Gutenberg Blocks <2.5.16 - SQL Injection
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
by DonVorrin
CVSS 7.5
CVE-2020-29254 NOMISEC HIGH
TikiWiki 21.2 - Cross-Site Request Forgery in Template Editor
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.
by S1lkys
CVSS 8.8
CVE-2024-1304 NOMISEC MEDIUM
Badger Meter Monitool < 4.7 - Cross-Site Scripting
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.
by guillermogm4
CVSS 6.3
CVE-2024-1303 NOMISEC MEDIUM
Badger Meter Monitool < 4.7 - Authenticated Path Traversal via Download-File Functionality
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.
by guillermogm4
CVSS 6.5
CVE-2024-1302 NOMISEC HIGH
Badger Meter Monitool < 4.7 - Exposure of Sensitive Information via File Parameter Manipulation
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials.
by guillermogm4
CVSS 7.3
CVE-2024-1301 NOMISEC CRITICAL
Badger Meter Monitool < 4.7 - SQL Injection via j_username Parameter
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.
by guillermogm4
CVSS 9.8
CVE-2023-30547 NOMISEC CRITICAL
Vm2 < 3.9.16 - Injection
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
by user0x1337
CVSS 9.8
CVE-2018-4233 NOMISEC HIGH
Safari < 11.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by saelo
180 stars
CVSS 8.8
CVE-2024-24488 NOMISEC MEDIUM
Tendacn Cp3 Firmware - Cleartext Storage
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.
by legacyobj
4 stars
CVSS 5.5
CVE-2024-24488 NOMISEC MEDIUM
Tendacn Cp3 Firmware - Cleartext Storage
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.
by minj-ae
4 stars
CVSS 5.5
CVE-2017-7921 NOMISEC CRITICAL
Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530 - Improper Authentication
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
by yousouf-Tasfin
4 stars
CVSS 9.8
CVE-2023-6895 NOMISEC MEDIUM
Hikvision Intercom Broadcast System 3.0.3-4.1.0 - OS Command Injection via jsondata[ip] Parameter
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
by nles-crt
CVSS 6.3
CVE-2023-4450 NOMISEC MEDIUM
jeecg/jimureport < 1.6.1 - Server-Side Template Injection in Template Handler
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.
by ilikeoyt
22 stars
CVSS 6.3
CVE-2024-20931 NOMISEC HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3/IIOP
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
by Leocodefocus
1 stars
CVSS 7.5
CVE-2024-22514 NOMISEC HIGH
iSpyConnect.com Agent DVR <5.1.6.0 - Code Injection
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.
by Orange-418
CVSS 8.8