Nomisec Exploits

22,800 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-3560 NOMISEC HIGH
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
by asepsaepdin
CVSS 7.8
CVE-2021-3156 NOMISEC HIGH
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by asepsaepdin
CVSS 7.8
CVE-2019-0604 NOMISEC CRITICAL
Microsoft SharePoint - Remote Code Execution via Application Package Source Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
by davidlebr1
CVSS 9.8
CVE-2019-14287 NOMISEC HIGH
Sudo <1.8.28 - Privilege Escalation
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
by Ijinleife
CVSS 8.8
CVE-2023-34600 NOMISEC CRITICAL
Adiscon LogAnalyzer < 4.1.13 - SQL Injection
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
by costacoco
CVSS 9.8
CVE-2023-34960 NOMISEC CRITICAL
Chamilo unauthenticated command injection in PowerPoint upload
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
by Mantodkaz
4 stars
CVSS 9.8
CVE-2023-4741 NOMISEC MEDIUM
IBOS OA 4.5.5 - SQL Injection in Delete Logs Handler
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=diary/default/del of the component Delete Logs Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-238630 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by wudidike
CVSS 6.3
CVE-2018-15473 NOMISEC MEDIUM
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by Sait-Nuri
43 stars
CVSS 5.3
CVE-2020-0069 NOMISEC HIGH
Mediatek Command Queue driver - Privilege Escalation
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
by 0xf15h
12 stars
CVSS 7.8
CVE-2023-4278 NOMISEC HIGH
MasterStudy LMS <3.0.18 - Info Disclosure
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
by revan-ar
CVSS 7.5
CVE-2023-4698 NOMISEC HIGH
memos < 0.13.2 - Improper Input Validation
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
by mnqazi
CVSS 7.5
CVE-2023-36143 NOMISEC HIGH
Maxprint Maxlink 1200G v3.4.11E - Command Injection
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.
by RobinTrigon
CVSS 8.8
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by syedhafiz1234
1 stars
CVSS 9.8
CVE-2023-35001 NOMISEC HIGH
Linux Kernel 3.13-4.14.322 - Out-of-bounds Write in nftables nft_byteorder
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
by syedhafiz1234
7 stars
CVSS 7.8
CVE-2022-41082 NOMISEC HIGH
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Server Remote Code Execution Vulnerability
by SUPRAAA-1337
2 stars
CVSS 8.0
CVE-2022-24086 NOMISEC CRITICAL
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
by BurpRoot
CVSS 9.8
CVE-2022-21907 NOMISEC CRITICAL
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
by asepsaepdin
CVSS 9.8
CVE-2010-1240 NOMISEC
Adobe PDF Embedded EXE Social Engineering
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
by asepsaepdin
1 stars
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by Fa1c0n35
CVSS 7.8
CVE-2023-31346 NOMISEC MEDIUM
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.c - Privileged Stale Data Exposure via Uninitialized Memory
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
by Freax13
1 stars
CVSS 6.0
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by asepsaepdin
CVSS 7.8
CVE-2022-46689 NOMISEC HIGH
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
by tdquang266
1 stars
CVSS 7.0
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by Cyb3rEnthusiast
3 stars
CVSS 9.8
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by Toothless5143
2 stars
CVSS 7.8
CVE-2021-43798 NOMISEC HIGH
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
by victorhorowitz
CVSS 7.5