Nomisec Exploits

22,770 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by cxzero
1 stars
CVSS 9.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by wagneralves
1 stars
CVSS 7.5
CVE-2019-13288 NOMISEC MEDIUM
Glyphandcog Xpdfreader - Denial of Service
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
by Fineas
2 stars
CVSS 5.5
CVE-2023-46604 NOMISEC CRITICAL
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
by dcm2406
CVSS 10.0
CVE-2019-2215 NOMISEC HIGH
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
by stevejubx
13 stars
CVSS 7.8
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by TindalyTn
1 stars
CVSS 5.3
CVE-2018-1133 NOMISEC HIGH
Moodle 3.1.0-3.1.11, 3.1-3.1.12 - Remote Code Execution via Calculated Question Eval Injection
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
by That-Guy-Steve
CVSS 8.8
CVE-2022-32118 NOMISEC MEDIUM
Arox School ERP Pro 1.0 - Cross-Site Scripting via dispatchcategory Parameter
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
by JC175
1 stars
CVSS 6.1
CVE-2022-32119 NOMISEC HIGH
Arox School ERP Pro 1.0 - Arbitrary File Upload via Add Photo and Import Staff Excel Functions
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.
by JC175
17 stars
CVSS 8.8
CVE-2023-4863 NOMISEC HIGH
Google Chrome <116.0.5845.187 - Buffer Overflow
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
by caoweiquan322
26 stars
CVSS 8.8
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by Trackflaw
7 stars
CVSS 9.8
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by SpamixOfficial
1 stars
CVSS 7.8
CVE-2023-22524 NOMISEC CRITICAL
Atlassian Companion 1.0.0-<2.0.0 - Remote Code Execution via WebSocket Bypass
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
by imperva
1 stars
CVSS 9.8
CVE-2023-50164 NOMISEC CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
by Thirukrishnan
1 stars
CVSS 9.8
CVE-2023-49989 NOMISEC CRITICAL
Hotel Booking Management v1.0 - SQL Injection via update.php id Parameter
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php.
by geraldoalcantara
1 stars
CVSS 9.8
CVE-2023-49988 NOMISEC HIGH
Hotel Booking Management v1.0 - SQL Injection via npss Parameter
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php.
by geraldoalcantara
CVSS 7.5
CVE-2023-49985 NOMISEC MEDIUM
School Fees Management System 1.0 - Stored Cross-Site Scripting via cname Parameter
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter.
by geraldoalcantara
CVSS 6.5
CVE-2023-49984 NOMISEC MEDIUM
School Fees Management System 1.0 - Stored Cross-Site Scripting via Name Parameter in Settings
A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
by geraldoalcantara
CVSS 6.1
CVE-2023-49983 NOMISEC MEDIUM
School Fees Management System 1.0 - Stored Cross-Site Scripting via Name Parameter
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
by geraldoalcantara
CVSS 6.8
CVE-2023-49981 NOMISEC HIGH
School Fees Management System 1.0 - Unauthenticated Directory Listing
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
by geraldoalcantara
CVSS 7.5
CVE-2023-49973 NOMISEC MEDIUM
Customer Support System v1 - Cross-Site Scripting via Email Parameter
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
by geraldoalcantara
CVSS 6.1
CVE-2023-49971 NOMISEC MEDIUM
Customer Support System 1 - Stored Cross-Site Scripting via Firstname Parameter
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
by geraldoalcantara
CVSS 6.1
CVE-2023-49970 NOMISEC CRITICAL
Customer Support System v1 - SQL Injection via Subject Parameter
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket.
by geraldoalcantara
CVSS 9.8
CVE-2023-49969 NOMISEC MEDIUM
Customer Support System v1 - SQL Injection via id Parameter
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.
by geraldoalcantara
CVSS 4.3
CVE-2023-49968 NOMISEC HIGH
Customer Support System v1 - SQL Injection via id Parameter
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php.
by geraldoalcantara
CVSS 7.3