Nomisec Exploits
22,778 exploits tracked across all sources.
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.
by ersinerenler
CVSS 5.5
Android 11-12L - Local Privilege Escalation via HierarchicalUri.readFrom Input Validation
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843
by Satheesh575555
CVSS 3.3
Code-Projects Blood Bank 1.0 - Stored Cross-Site Scripting via updateprofile.php Parameters
Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters.
by ersinerenler
CVSS 6.1
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via 'error' Parameter in abs.php
Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter.
by ersinerenler
CVSS 6.1
Code-Projects Blood Bank 1.0 - SQL Injection
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter.
by ersinerenler
CVSS 5.5
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.
by ersinerenler
CVSS 5.5
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via Search Parameter
Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL.
by ersinerenler
CVSS 6.1
Code-Projects Blood Bank 1.0 - Cross-Site Scripting via 'msg' Parameter
Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL.
by ersinerenler
CVSS 6.1
StellarWP Membership Plugin - Restrict Content <= 3.2.7 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
by RandomRobbieBF
CVSS 5.3
Sourcecodester Sticky Notes App Using PHP with Source Code 1.0 - Cross-Site Request Forgery via add-note.php
A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php.
by emirhanerdogu
Code-Projects Blood Bank 1.0 - SQL Injection
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.
by ersinerenler
CVSS 5.5
Varnish Cache 7.x < 7.1.2 and 7.2.x < 7.2.1 - HTTP Request Smuggling via Hop-by-Hop Header Handling
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.
by martinvks
CVSS 7.5
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by justakazh
Splunk Enterprise <9.0.5 - Privilege Escalation
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
by 9xN
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by zangcc
EspoCRM < 7.5.2 - Authenticated Arbitrary PHP Code Execution via Extension Deployment Form
An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution.
by ll104567
CVSS 4.7
iOS <16.6.1- Ventura <13.5.2 - Buffer Overflow
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
by MrR0b0t19
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
by teraGL
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
by Cyber-Wo0dy
CVSS 6.1
Statamic < 3.4.13 and 4.0.0-4.33.0 - Unrestricted Upload of File with Dangerous Type via Front-End Forms
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.
by Cyber-Wo0dy
ThemeIsle Cloud Templates & Patterns collection <= 1.2.2 - Exposure of Sensitive Information via Log File
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.
by RandomRobbieBF
Windows Common Log File System Driver - Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by Danasuley
CVSS 7.8
nginx 0.6.18-1.20.0 - Denial of Service via DNS Resolver Off-by-one Error
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
by M507
Linux Kernel 3.13-4.14.322 - Out-of-bounds Write in nftables nft_byteorder
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
by synacktiv
GO < 1.19.11 - Interpretation Conflict
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
by LuizGustavoP
CVSS 6.5
By Source