Nomisec Exploits

22,778 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-23583 NOMISEC HIGH
Intel Core i3/i5/i7 10th Gen Firmware - Unauthenticated Privilege Escalation and Information Disclosure via Local Access
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
by Mav3r1ck0x1
CVSS 8.8
CVE-2023-3452 NOMISEC CRITICAL
Canto plugin for WordPress <=3.0.4 - RCE
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.
by leoanggal1
16 stars
CVSS 9.8
CVE-2022-41853 NOMISEC HIGH
HSQLDB <2.7.1 - Remote Code Execution via Untrusted SQL Method Calls
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
by mbadanoiu
2 stars
CVSS 8.0
CVE-2020-29607 NOMISEC HIGH
Pluck CMS < 4.7.13 - Authenticated Remote Code Execution via File Upload Restriction Bypass
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
by 0xN7y
1 stars
CVSS 7.2
CVE-2020-2551 NOMISEC CRITICAL
Oracle WebLogic Server <12.2.1.4 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by 0xn0ne
2,072 stars
CVSS 9.8
CVE-2019-2618 NOMISEC MEDIUM
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N).
by 0xn0ne
2,072 stars
CVSS 5.5
CVE-2018-2628 NOMISEC CRITICAL
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by 0xn0ne
2,072 stars
CVSS 9.8
CVE-2017-3248 NOMISEC CRITICAL
Oracle WebLogic Server <12.2.1.1 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
by 0xn0ne
2,072 stars
CVSS 9.8
CVE-2016-0638 NOMISEC CRITICAL
Oracle WebLogic Server - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.
by 0xn0ne
2,072 stars
CVSS 9.8
CVE-2014-4210 NOMISEC
Oracle WebLogic Server <10.3.6.0 - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
by 0xn0ne
2,072 stars
CVE-2021-46364 NOMISEC HIGH
Magnolia CMS < 6.2.4 - Remote Code Execution via Snake YAML Deserialization
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
by mbadanoiu
1 stars
CVSS 7.8
CVE-2023-40037 NOMISEC MEDIUM
Apache NiFi 1.21.0-1.23.0 - Authenticated Connection URL Validation Bypass via Custom Input Formatting
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.
by mbadanoiu
CVSS 6.5
CVE-2023-26269 NOMISEC HIGH
Apache James <3.7.3 - Privilege Escalation
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
by mbadanoiu
2 stars
CVSS 7.8
CVE-2023-41064 NOMISEC HIGH
iOS <16.6.1- Ventura <13.5.2 - Buffer Overflow
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
by MrR0b0t19
CVSS 7.8
CVE-2023-2598 NOMISEC HIGH
Linux Kernel 6.3-6.3.2 - Use-After-Free in io_uring Buffer Registration
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
by ysanatomic
92 stars
CVSS 7.8
CVE-2023-1521 NOMISEC HIGH
sccache < 0.4.0 - LD_PRELOAD Local Privilege Escalation
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.
by rubbxalc
CVSS 7.8
CVE-2016-1000027 NOMISEC CRITICAL
Pivotal Spring Framework <5.3.16 - RCE
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
by tina94happy
2 stars
CVSS 9.8
CVE-2023-47246 NOMISEC CRITICAL
SysAid < 23.3.36 - Path Traversal and Remote Code Execution via Tomcat Webroot File Write
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
by tucommenceapousser
1 stars
CVSS 9.8
CVE-2023-20911 NOMISEC HIGH
Android - Local Privilege Escalation via Permission Settings Exhaustion
In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498
by Trinadh465
1 stars
CVSS 7.8
CVE-2022-36804 NOMISEC HIGH
Atlassian Bitbucket Server/Data Center <7.6.17/<7.17.10/<7.21.4/<8....
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
by benjaminhays
16 stars
CVSS 8.8
CVE-2023-22515 NOMISEC CRITICAL
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
by killvxk
CVSS 9.8
CVE-2023-32571 NOMISEC CRITICAL
System.Linq.Dynamic.Core 1.0.7.10-1.2.25 - Remote Code Execution via Untrusted Input Parsing
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
by Tris0n
8 stars
CVSS 9.8
CVE-2023-36427 NOMISEC HIGH
Windows Hyper-V - Privilege Escalation
Windows Hyper-V Elevation of Privilege Vulnerability
by tandasat
90 stars
CVSS 7.0
CVE-2022-1364 NOMISEC HIGH
Google Chrome < 100.0.4896.127 - Type Confusion in V8 Turbofan
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by A1Lin
2 stars
CVSS 8.8
CVE-2023-47246 NOMISEC CRITICAL
SysAid < 23.3.36 - Path Traversal and Remote Code Execution via Tomcat Webroot File Write
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
by rainbowhatrkn
CVSS 9.8