Nomisec Exploits
21,865 exploits tracked across all sources.
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
by ChineseOldboy
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
by ztgrace
CVSS 7.5
Windows Search - RCE
Windows Search Remote Code Execution Vulnerability
by deepinstinct
CVE-2002-0748
NOMISEC
National Instruments Labview - Denial of Service
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
by fauzanwijaya
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by asepsaepdin
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
by asepsaepdin
Weberp - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by alealeluyah
Weberp - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by alebrestado
Weberp - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by 808ale
Oretnom23 Online Computer And Laptop Store - Incorrect Authorization
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.
by d34dun1c02n
CVSS 9.8
Sourcecodester Task Reminder System 1.0 - XSS
A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.
by d34dun1c02n
CVSS 5.4
Ultimate Member <2.6.7 - Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
by diego-tella
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by SudeepaShiranthaka
CVSS 9.8
ShareFile - RCE
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
by adhikara13
Monsterinsights < 8.9.1 - XSS
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
by RandomRobbieBF
Extremenetworks IQ Engine < 10.6r2 - Buffer Overflow
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
by lachlan2k
Dlink Dap-2622 Firmware < 1.10b03r022 - Out-of-Bounds Write
D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-20071.
by ADSSA-IT
CVSS 8.8
Automattic Woocommerce Payments < 4.8.2 - Authentication Bypass
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
by rio128128
Spip < 3.2.18 - Insecure Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by izzz0
Snapdragon - Memory Corruption
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
by diabl0w
Linux kernel - DoS
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
by TurtleARM
Microsoft Binwalk < 2.3.3 - Path Traversal
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 included.
by Kalagious
Fortinet Fortiproxy < 1.1.6 - Out-of-Bounds Write
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
by TechinsightsPro
Microsoft Windows Server 2012 - Remote Code Execution
Windows Network File System Remote Code Execution Vulnerability
by fortra
Microsoft Windows 10 1507 < 10.0.10240.19444 - Out-of-Bounds Write
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by fortra
By Source