Nomisec Exploits
21,871 exploits tracked across all sources.
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libasv
CVSS 6.1
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libasmon
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libas7994
CVSS 6.1
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by mallutrojan
CVSS 6.1
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libasmon
CVSS 6.1
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libasmon
CVSS 6.1
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
by Le1a
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by libas7994
CVSS 6.1
Parks Fiberlink 210 <V2.1.14_X000 - Command Injection
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.
by Chocapikk
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by M0sterHxck
Parks Fiberlink 210 <V2.1.14_X000 - Command Injection
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.
by tucommenceapousser
Vmware Spring Cloud Function < 3.1.6 - Remote Code Execution
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
by nikn0laty
CVSS 9.8
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by Anandhu990
CVSS 6.1
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by kuttappu123
Tuzitio Camaleon Cms < 2.7.0 - Code Injection
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
by paragbagul111
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
by masjohncook
Digitaldruid Hoteldruid - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
by jichngan
Group-office Group Office - XSS
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
by tucommenceapousser
CVSS 6.1
FreeSWITCH <1.10.1 - Info Disclosure
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
by Chocapikk
Ourphp < 7.2.0 - XSS
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by Rishipatidar
Inspireui Mstore API < 3.9.2 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
by RandomRobbieBF
CVE-2007-5962
NOMISEC
vsftpd <2.0.5 - DoS
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by antogit-sys
1 stars
Powerjob - Incorrect Default Permissions
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
by P4x1s
Delta DX-3021 <1.24 - Command Injection
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to
command injection through the network diagnosis page. This vulnerability
could allow a remote unauthenticated user to add files, delete files,
and change file permissions.
by ahanel13
CVSS 7.2
Pocoo Jinja2 - Code Injection
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
by adindrabkin
CVSS 9.8
By Source