Nomisec Exploits

22,766 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-23746 NOMISEC CRITICAL
Miro Desktop 0.8.18 - Local Code Injection via Electron App Bundle Manipulation
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).
by louiselalanne
3 stars
CVSS 9.8
CVE-2021-4034 NOMISEC HIGH
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by Pol-Ruiz
CVSS 7.8
CVE-2023-1326 NOMISEC HIGH
apport < 2.26.0 - Privilege Escalation via Terminal Size Manipulation
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
by Pol-Ruiz
CVSS 7.7
CVE-2018-5158 NOMISEC HIGH
Firefox ESR < 52.8-Firefox < 60 - Code Injection
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
by puzzle-tools
1 stars
CVSS 8.8
CVE-2023-45184 NOMISEC MEDIUM
IBM i Access Client Solutions <1.1.2, 1.1.4.3-1.1.9.3 - Info Disclo...
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270.
by afine-com
CVSS 6.2
CVE-2023-45182 NOMISEC HIGH
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 - Information Disclosure
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
by afine-com
CVSS 7.4
CVE-2024-23747 NOMISEC HIGH
ModernaNet Hospital Management System 2024 - Insecure Direct Object Reference via Laudo ID Parameter
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.
by louiselalanne
CVSS 7.5
CVE-2023-7028 NOMISEC CRITICAL
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
by mochammadrafi
CVSS 10.0
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by digital-dev
CVSS 10.0
CVE-2019-12840 NOMISEC HIGH
Webmin < 1.910 - Authenticated Remote Command Execution via Package Updates Module
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
by Pol-Ruiz
CVSS 8.8
CVE-2024-23745 NOMISEC CRITICAL
Notion Web Clipper 1.0.3(7) - Command Injection via Dirty NIB Attack
In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.
by louiselalanne
2 stars
CVSS 9.8
CVE-2020-1472 NOMISEC MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by whoami-chmod777
2 stars
CVSS 5.5
CVE-2023-46805 NOMISEC HIGH
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
by w2xim3
2 stars
CVSS 8.2
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by thanhlam-attt
5 stars
CVSS 9.8
CVE-2024-23743 NOMISEC LOW
notion/notion < 3.1.0 - Unauthenticated Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
by giovannipajeu1
1 stars
CVSS 3.3
CVE-2024-23742 NOMISEC CRITICAL
Loom < 0.196.1 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.
by giovannipajeu1
1 stars
CVSS 9.8
CVE-2024-23741 NOMISEC CRITICAL
Hyper < 3.4.1 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
by giovannipajeu1
CVSS 9.8
CVE-2024-23739 NOMISEC CRITICAL
Discord < 0.0.291 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
by giovannipajeu1
3 stars
CVSS 9.8
CVE-2024-23740 NOMISEC CRITICAL
Kap for macOS <=3.6.0 - Remote Code Execution via RunAsNode Settings
An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
by giovannipajeu1
CVSS 9.8
CVE-2024-23738 NOMISEC CRITICAL
Postman < 10.22 - Remote Code Execution via RunAsNode Configuration
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."
by giovannipajeu1
1 stars
CVSS 9.8
CVE-2024-22922 NOMISEC CRITICAL
Projectworlds Vistor Management System <1.0 - Privilege Escalation
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
by pwnpwnpur1n
CVSS 9.8
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by mindcodings
5 stars
CVSS 9.8
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by adminlove520
5 stars
CVSS 9.8
CVE-2024-22889 NOMISEC HIGH
Plone 6.0.9 - Unauthenticated Arbitrary File Read via Crafted Request
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
by shenhav12
CVSS 7.5
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by MaanVader
1 stars
CVSS 9.8