Nomisec Exploits

22,796 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-0315 NOMISEC HIGH
Android 8.0-11 - Tapjacking/Overlay Attack via GrantCredentialsPermissionActivity
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814.
by nanopathi
CVSS 7.3
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by malvika-thakur
3 stars
CVSS 7.8
CVE-2023-35687 NOMISEC HIGH
Android - Use-After-Free in MtpPropertyValue
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
by pazhanivel07
CVSS 7.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by Hamibubu
CVSS 6.5
CVE-2022-26134 NOMISEC CRITICAL
Confluence - Remote Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
by acfirthh
1 stars
CVSS 9.8
CVE-2020-24088 NOMISEC HIGH
Foxconn Live Update Utility <2.1.6.26 - Privilege Escalation
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.
by rjt-gupta
CVSS 7.8
CVE-2020-24089 NOMISEC MEDIUM
IOBit Malware Fighter 8.0.2 - Denial of Service via ImfHpRegFilter.sys
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).
by rjt-gupta
1 stars
CVSS 5.5
CVE-2023-3076 NOMISEC CRITICAL
WordPress MStore API <3.9.9 - Privilege Escalation
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.
by im-hanzou
16 stars
CVSS 9.8
CVE-2015-3306 NOMISEC
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by hackarada
CVE-2023-36109 NOMISEC CRITICAL
JerryScript 3.0 - Buffer Overflow via ecma_stringbuilder_append_raw
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
by Limesss
2 stars
CVSS 9.8
CVE-2023-36844 NOMISEC MEDIUM
Juniper Networks Junos OS on EX Series <20.4R3-S9 - PHP External Variable Modification
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by Ap0dexMe0
CVSS 5.3
CVE-2023-36844 NOMISEC MEDIUM
Juniper Networks Junos OS on EX Series <20.4R3-S9 - PHP External Variable Modification
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by ThatNotEasy
CVSS 5.3
CVE-2017-17562 NOMISEC HIGH
Embedthis GoAhead <3.6.5 - Remote Code Execution
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
by nu11pointer
7 stars
CVSS 8.1
CVE-2023-43876 NOMISEC MEDIUM
October CMS 3.4.16 - Cross-Site Scripting via Installation dbhost Field
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
by sromanhu
CVSS 5.4
CVE-2023-43875 NOMISEC MEDIUM
Subrion CMS 4.2.1 - Reflected Cross-Site Scripting via Installation Parameters
Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail.
by sromanhu
CVSS 6.1
CVE-2020-4463 NOMISEC HIGH
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 - XML External Entity Injection
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.
by Ibonok
52 stars
CVSS 8.2
CVE-2023-43873 NOMISEC MEDIUM
e107 CMS 2.3.2 - Stored Cross-Site Scripting via Manage Menu Name Field
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.
by sromanhu
CVSS 5.4
CVE-2023-43874 NOMISEC MEDIUM
e107 CMS 2.3.2 - Stored Cross-Site Scripting in Meta & Custom Tags Menu
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
by sromanhu
CVSS 5.4
CVE-2023-43871 NOMISEC MEDIUM
WBCE CMS 1.6.1 - Stored Cross-Site Scripting via PDF File Upload
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
by sromanhu
CVSS 5.4
CVE-2023-43872 NOMISEC MEDIUM
CMS Made Simple 2.2.18 - Stored Cross-Site Scripting via PDF File Upload
A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
by sromanhu
CVSS 5.4
CVE-2023-36319 NOMISEC HIGH
Openupload 0.4.3 - Remote Code Execution via Compress Action Parameter
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.
by Lowalu
CVSS 8.8
CVE-2023-27566 NOMISEC HIGH
Live2D Cubism Editor 4.2.03 - Out-of-bounds Write via MOC3 File Section Offset Table
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.
by OpenL2D
95 stars
CVSS 7.8
CVE-2016-4622 NOMISEC HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
by saelo
109 stars
CVSS 8.8
CVE-2015-9235 NOMISEC CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
by Nxvh1337
3 stars
CVSS 9.8
CVE-2015-9235 NOMISEC CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
by WinDyAlphA
3 stars
CVSS 9.8