Nomisec Exploits

22,770 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-17382 NOMISEC CRITICAL
Zabbix < 4.4 - Unauthenticated Authorization Bypass via Dashboard View Action
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
by K3ysTr0K3R
3 stars
CVSS 9.1
CVE-2022-40032 NOMISEC CRITICAL
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by h4md153v63n
5 stars
CVSS 9.8
CVE-2022-40348 NOMISEC MEDIUM
Intern Record System 1.0 - Cross-Site Scripting via Name and Email Parameters
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.
by h4md153v63n
3 stars
CVSS 5.4
CVE-2022-40347 NOMISEC CRITICAL
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
by h4md153v63n
3 stars
CVSS 9.8
CVE-2020-13405 NOMISEC HIGH
Microweber <1.1.20 - Info Disclosure
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
by mrnazu
1 stars
CVSS 7.5
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by C1ph3rX13
CVSS 5.3
CVE-2023-28432 NOMISEC HIGH
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
by C1ph3rX13
1 stars
CVSS 7.5
CVE-2023-51385 NOMISEC MEDIUM
OpenSSH < 9.6 - OS Command Injection via Shell Metacharacters in Username or Hostname
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
by FeatherStark
CVSS 6.5
CVE-2023-40362 NOMISEC MEDIUM
CentralSquare Click2Gov Building Permit - Unauthenticated Arbitrary Contractor Deletion
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
by ally-petitt
1 stars
CVSS 4.3
CVE-2023-49471 NOMISEC HIGH
bar_assistant < 3.2.0 - Authenticated Server-Side Request Forgery via Image::make()
Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.
by zunak
CVSS 8.8
CVE-2019-16784 NOMISEC HIGH
PyInstaller <3.6 - Privilege Escalation
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade).
by Ckrielle
CVSS 7.0
CVE-2023-26035 NOMISEC HIGH
ZoneMinder < 1.36.33 - Unauthenticated Remote Code Execution via Snapshot Action
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
by Yuma-Tsushima07
3 stars
CVSS 7.2
CVE-2022-1471 NOMISEC HIGH
PyTorch Model Server Registration and Deserialization RCE
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
by falconkei
4 stars
CVSS 8.3
CVE-2022-36779 NOMISEC MEDIUM
Proscend M330-W/M330-W5/M350-5G/M350-W5G/M350-6/M350-W6/M301-G/M301-GW & ADVICE ICR-111WG - OS Command Injection
PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301
by rootDR
3 stars
CVSS 6.5
CVE-2023-41772 NOMISEC HIGH
Windows 10/11, Server 2019/2022 Elevation of Privilege via Win32k
Win32k Elevation of Privilege Vulnerability
by R41N3RZUF477
13 stars
CVSS 7.8
CVE-2023-4911 NOMISEC HIGH
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
by puckiestyle
2 stars
CVSS 7.8
CVE-2023-0386 NOMISEC HIGH
Local Privilege Escalation via CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
by puckiestyle
12 stars
CVSS 7.8
CVE-2023-29489 NOMISEC MEDIUM
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
by Makurorororororororo
2 stars
CVSS 5.3
CVE-2023-51281 NOMISEC MEDIUM
Customer Support System 1.0 - Cross-Site Scripting via Firstname Lastname Middlename Contact and Address Parameters
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.
by geraldoalcantara
CVSS 5.4
CVE-2021-44026 NOMISEC CRITICAL
Roundcube < 1.3.17 and 1.4.x < 1.4.12 - SQL Injection via Search Parameters
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
by pentesttoolscom
13 stars
CVSS 9.8
CVE-2021-44026 NOMISEC CRITICAL
Roundcube < 1.3.17 and 1.4.x < 1.4.12 - SQL Injection via Search Parameters
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
by shanglyu
CVSS 9.8
CVE-2023-29357 NOMISEC CRITICAL
Sharepoint Dynamic Proxy Generator Unauth RCE
Microsoft SharePoint Server Elevation of Privilege Vulnerability
by Guillaume-Risch
4 stars
CVSS 9.8
CVE-2023-50254 NOMISEC CRITICAL
deepin_reader < 6.0.7 - Remote Code Execution via Crafted DOCX File
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
by febinrev
16 stars
CVSS 9.3
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by miles3719
CVSS 9.8
CVE-2020-24186 NOMISEC CRITICAL
wpDiscuz 7.0-7.0.4 - Unauthenticated Remote Code Execution via File Upload
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
by substing
13 stars
CVSS 10.0