Nomisec Exploits

22,766 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-46805 NOMISEC HIGH
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
by duy-31
23 stars
CVSS 8.2
CVE-2023-31756 NOMISEC MEDIUM
TP-Link Archer VR1600V Firmware <= 0.1.0_0.9.1_v5006.0 - Authenticated OS Command Injection
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.
by StanleyJobsonAU
2 stars
CVSS 6.7
CVE-2023-44451 NOMISEC HIGH
Linux Mint Xreader - Remote Code Execution via EPUB File Parsing Path Traversal
Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897.
by febinrev
10 stars
CVSS 7.8
CVE-2023-48858 NOMISEC MEDIUM
abo.cms 5.9 - Cross-Site Scripting via Login Page URL Parameter
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.
by Shumerez
CVSS 6.1
CVE-2023-44452 NOMISEC HIGH
Linux Mint Xreader - Remote Code Execution via CBT File Parsing Argument Injection
Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132.
by febinrev
6 stars
CVSS 7.8
CVE-2023-22527 NOMISEC CRITICAL
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
by ga0we1
1 stars
CVSS 9.8
CVE-2023-43786 NOMISEC MEDIUM
libX11 < 1.8.7 - Denial of Service via PutSubImage Infinite Loop
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
by jfrog
CVSS 5.5
CVE-2020-11652 NOMISEC MEDIUM
SaltStack Salt < 2019.2.4 - Authenticated Path Traversal via ClearFuncs Methods
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
by limon768
4 stars
CVSS 6.5
CVE-2023-47883 NOMISEC CRITICAL
vladymix/tv_browser < 4.5.1 - JavaScript Code Execution via Exposed MainActivity
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
by actuator
2 stars
CVSS 9.8
CVE-2017-5693 NOMISEC HIGH
Intel Puma Firmware - Denial of Service via Crafted Network Traffic
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.
by LunNova
16 stars
CVSS 7.5
CVE-2023-26609 NOMISEC HIGH
ABUS TVIP 20000-21150 Firmware - Remote Code Execution via Wireless MFT AP Field
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
by D1G17
CVSS 7.2
CVE-2023-26602 NOMISEC CRITICAL
ASUS ASMB8-iKVM Firmware <= 1.14.51 - Remote Code Execution via SNMP Extension Creation
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
by D1G17
CVSS 9.8
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by sunnyvale-it
2 stars
CVSS 9.8
CVE-2016-4437 NOMISEC CRITICAL
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
by xk-mt
CVSS 9.8
CVE-2022-0543 NOMISEC CRITICAL
Redis Lua Sandbox Escape
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
by 0x7eTeam
95 stars
CVSS 10.0
CVE-2021-42013 NOMISEC CRITICAL
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
by K3ysTr0K3R
4 stars
CVSS 9.8
CVE-2023-45866 NOMISEC MEDIUM
BlueZ Bluetooth HID Hosts - Unauthenticated Keyboard Input Injection
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
by Eason-zz
12 stars
CVSS 6.3
CVE-2023-51810 NOMISEC HIGH
StackIdeas EasyDiscuss <5.0.10 - SQL Injection
SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.
by Pastea
CVSS 7.5
CVE-2023-35813 NOMISEC CRITICAL
Sitecore Experience Manager, Experience Platform, Experience Commerce < 10.3 - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
by BagheeraAltered
5 stars
CVSS 9.8
CVE-2023-42793 NOMISEC CRITICAL
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by StanleyJobsonAU
CVSS 9.8
CVE-2023-6875 NOMISEC CRITICAL
Wordpress POST SMTP Account Takeover
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.
by UlyssesSaicha
25 stars
CVSS 9.8
CVE-2023-5043 NOMISEC HIGH
ingress-nginx < 1.9.0 - OS Command Injection via Annotation
Ingress nginx annotation injection causes arbitrary command execution.
by r0binak
CVSS 7.6
CVE-2023-28432 NOMISEC HIGH
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
by xk-mt
1 stars
CVSS 7.5
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by xk-mt
4 stars
CVSS 7.8
CVE-2021-3129 NOMISEC CRITICAL
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
by Axianke
5 stars
CVSS 9.8