Nomisec Exploits

21,822 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-45857 NOMISEC MEDIUM
Axios 1.5.1 - Info Disclosure
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
by valentin-panov
CVSS 6.5
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by reket99
CVSS 10.0
CVE-2021-41277 NOMISEC CRITICAL
Metabase - Local File Inclusion
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
by RubXkuB
1 stars
CVSS 10.0
CVE-2021-39165 NOMISEC HIGH
Chachethq Cachet < 2.3.18 - Authentication Bypass
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.
by manbolq
CVSS 8.1
CVE-2021-25741 NOMISEC HIGH
Kubernetes - Path Traversal
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
by cdxiaodong
CVSS 8.8
CVE-2023-33517 NOMISEC HIGH
carRental 1.0 - Info Disclosure
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).
by wushigudan
CVSS 7.5
CVE-2021-21974 NOMISEC HIGH
Vmware Esxi < 3.10.1.2 - Out-of-Bounds Write
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
by hateme021202
CVSS 8.8
CVE-2023-45966 NOMISEC HIGH
umputun remark42 <1.12.1 - SSRF
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
by jet-pentest
CVSS 7.5
CVE-2023-41993 NOMISEC HIGH
Apple Macos < 14.0 - Improper Condition Check
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
by hrtowii
16 stars
CVSS 8.8
CVE-2021-44168 NOMISEC LOW
Fortinet Fortios < 6.0.14 - Download Without Integrity Check
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
by 0xhaggis
21 stars
CVSS 3.3
CVE-2023-4169 NOMISEC MEDIUM
Ruijie Rg-ew1200g Firmware - Improper Access Control
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by thedarknessdied
27 stars
CVSS 6.3
CVE-2023-5540 NOMISEC MEDIUM
Moodle < 3.9.24 - Code Injection
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
by cli-ish
CVSS 4.7
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by JoyGhoshs
CVSS 10.0
CVE-2023-5539 NOMISEC MEDIUM
Moodle < 3.9.24 - Code Injection
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
by cli-ish
CVSS 4.7
CVE-2023-28330 NOMISEC MEDIUM
Moodle < 3.9.20 - Improper Input Validation
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
by cli-ish
CVSS 6.5
CVE-2023-28329 NOMISEC HIGH
Moodle < 3.9.20 - SQL Injection
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
by cli-ish
CVSS 8.8
CVE-2023-4911 NOMISEC HIGH
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
by chaudharyarjun
42 stars
CVSS 7.8
CVE-2019-19781 NOMISEC CRITICAL
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by VladRico
7 stars
CVSS 9.8
CVE-2023-38646 NOMISEC CRITICAL
Metabase <0.46.6.1-1.46.6.1 - RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by threatHNTR
CVSS 9.8
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by Aviksaikat
1 stars
CVE-2016-0792 NOMISEC HIGH
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
by Aviksaikat
1 stars
CVSS 8.8
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by emomeni
1 stars
CVSS 10.0
CVE-2022-23988 NOMISEC MEDIUM
WS Form LITE & Pro <1.8.176 - XSS
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission
by simonepetruzzi
CVSS 6.1
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by Tounsi007
11 stars
CVSS 10.0
CVE-2023-32784 NOMISEC HIGH
Keepass < 2.54 - Cleartext Transmission
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
by le01s
CVSS 7.5
By Source
All 21,822 Writeup 60,263 Exploitdb 50,007 Nomisec 21,822 Metasploit 3,224 Github 2,602 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,342 python 5,978 ruby 5,913 c 3,569 perl 2,849 html 2,053 php 1,326 bash 460 java 362 c++ 250 javascript 215 shell 91 go 55 postscript 25 xml 24