Nomisec Exploits

22,791 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-20198 NOMISEC CRITICAL
Cisco IOX XE Unauthenticated RCE Chain
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
by RevoltSecurities
7 stars
CVSS 10.0
CVE-2023-47179 NOMISEC HIGH
WooODT Lite <= 2.4.6 - Missing Authorization
Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6.
by RandomRobbieBF
CVSS 8.8
CVE-2015-1788 NOMISEC
OpenSSL < 0.9.8s, 1.0.0 < 1.0.0e, 1.0.1 < 1.0.1n, 1.0.2 < 1.0.2b - Denial of Service via Malformed ECParameters
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
by pazhanivel07
CVE-2023-2640 NOMISEC HIGH
GameOver(lay) Privilege Escalation and Container Escape
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
by musorblyat
2 stars
CVSS 7.8
CVE-2021-28165 NOMISEC HIGH
Eclipse Jetty 7.2.2-9.4.38, 10.0.0.alpha0-10.0.1, 11.0.0.alpha0-11.0.1 - Denial of Service via Invalid TLS Frame
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
by uthrasri
CVSS 7.5
CVE-2023-5360 NOMISEC CRITICAL
WordPress Royal Elementor Addons RCE
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
by Chocapikk
9 stars
CVSS 9.8
CVE-2023-46747 NOMISEC CRITICAL
F5 BIG-IP 13.1.0-13.1.4 - Unauthenticated Remote Command Execution via Configuration Utility Bypass
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by nvansluis
7 stars
CVSS 9.8
CVE-2023-46974 NOMISEC MEDIUM
Best Courier Management System <1.000 - XSS
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.
by yte121
CVSS 5.4
CVE-2023-46980 NOMISEC CRITICAL
Best Courier Management System <1.0 - RCE
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
by sajaljat
CVSS 9.8
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by jakabakos
41 stars
CVSS 7.5
CVE-2018-7854 NOMISEC HIGH
Modicon M580, M340, Quantum, and Premium - Denial of Service via Invalid Modbus Debug Parameters
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
by yanissec
CVSS 7.5
CVE-2023-46998 NOMISEC MEDIUM
BootBox Bootbox.js 3.2-6.0 - Cross-Site Scripting via alert(), confirm(), prompt() Functions
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.
by soy-oreocato
1 stars
CVSS 6.1
CVE-2023-25292 NOMISEC MEDIUM
Group-Office 6.6.145 - Reflected Cross-Site Scripting via GO_LANGUAGE Cookie
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
by brainkok
CVSS 6.1
CVE-2021-22205 NOMISEC CRITICAL
GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
by NukingDragons
1 stars
CVSS 10.0
CVE-2019-1663 NOMISEC CRITICAL
Cisco RV110W RV130W RV215W - Unauthenticated Remote Code Execution via Web Management Interface
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
by StealYourCode
CVSS 9.8
CVE-2023-46747 NOMISEC CRITICAL
F5 BIG-IP 13.1.0-13.1.4 - Unauthenticated Remote Command Execution via Configuration Utility Bypass
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by fu2x2000
CVSS 9.8
CVE-2023-26048 NOMISEC MEDIUM
Eclipse Jetty < 9.4.51 - Denial of Service via Multipart Request with Large Content
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).
by Trinadh465
CVSS 5.3
CVE-2021-34428 NOMISEC LOW
Eclipse Jetty <= 9.4.40 - Insufficient Session Expiration via SessionListener Exception
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
by Trinadh465
CVSS 2.9
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by h3xecute
CVSS 7.8
CVE-2023-47355 NOMISEC HIGH
Eyuep Can Yilmaz [ROOT] Quick Reboot 1.0.8 - Unauthenticated Denial of Service via Exposed Broadcast Receivers
The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation.
by actuator
1 stars
CVSS 7.5
CVE-2023-47889 NOMISEC HIGH
BINHDRM26 1.0.3 - Privilege Escalation
The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.
by actuator
1 stars
CVSS 7.8
CVE-2020-9802 NOMISEC HIGH
iCloud < 7.19 - Remote Code Execution
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
by khcujw
1 stars
CVSS 8.8
CVE-2018-15473 NOMISEC MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by 4xolotl
CVSS 5.3
CVE-2023-46501 NOMISEC CRITICAL
BoltWire 6.03 - Unauthenticated Sensitive Information Disclosure and Password Change
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
by Cyber-Wo0dy
13 stars
CVSS 9.1
CVE-2023-5412 NOMISEC HIGH
Image horizontal reel scroll slideshow < 13.3 - Authenticated SQL Injection via Shortcode Parameter
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
by RandomRobbieBF
5 stars
CVSS 8.8