Nomisec Exploits

22,800 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-34523 NOMISEC CRITICAL
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
by SUPRAAA-1337
2 stars
CVSS 9.0
CVE-2017-0199 NOMISEC HIGH
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by TheCyberWatchers
CVSS 7.8
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by sohamsharma966
CVSS 9.8
CVE-2019-16098 NOMISEC HIGH
Micro-Star MSI Afterburner 4.6.2.15658 - Privilege Escalation
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
by 0xDivyanshu-new
6 stars
CVSS 7.8
CVE-2023-38829 NOMISEC HIGH
NETIS SYSTEMS WF2409E <3.6.42541 - RCE
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
by adhikara13
1 stars
CVSS 8.8
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by CharonDefalt
CVSS 9.8
CVE-2023-40869 NOMISEC MEDIUM
mooSocial 3.1.6-3.1.7 - Cross-Site Scripting via edit_menu, copuon, and group_categorias Functions
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.
by MinoTauro2020
1 stars
CVSS 6.1
CVE-2023-40868 NOMISEC HIGH
mooSocial Demo - Cross-Site Request Forgery via Delete Account and Deactivate Functions
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
by MinoTauro2020
1 stars
CVSS 8.8
CVE-2021-39473 NOMISEC MEDIUM
Saibamen HotelManager v1.2 - Stored Cross-Site Scripting via Comment and Contact Fields
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.
by BrunoTeixeira1996
CVSS 5.4
CVE-2023-36250 NOMISEC HIGH
GNOME time tracker <3.0.2 - Code Injection
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
by BrunoTeixeira1996
3 stars
CVSS 7.8
CVE-2016-6210 NOMISEC MEDIUM
OpenSSH < 7.2 - User Enumeration via Timing Attack on Password Hashing
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
by samh4cks
1 stars
CVSS 5.9
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by mandiant
66 stars
CVSS 9.8
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by Mich-ele
3 stars
CVSS 7.8
CVE-2023-41646 NOMISEC MEDIUM
Buttercup v2.20.3 - Info Disclosure
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
by tristao-io
CVSS 5.3
CVE-2023-34039 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
by sinsinology
96 stars
CVSS 9.8
CVE-2023-26469 NOMISEC CRITICAL
Jorani 1.0.0 - Path Traversal and Remote Code Execution
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
by d0rb
1 stars
CVSS 9.8
CVE-2023-4696 NOMISEC CRITICAL
memos < 0.13.2 - Improper Access Control
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
by mnqazi
CVSS 9.8
CVE-2023-38831 NOMISEC HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by z3r0sw0rd
6 stars
CVSS 7.8
CVE-2023-4166 NOMISEC MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_log.php
A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by mvpyyds
1 stars
CVSS 5.5
CVE-2023-4165 NOMISEC MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_seal.php
A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by mvpyyds
CVSS 5.5
CVE-2020-19360 NOMISEC HIGH
FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.
by zzzz966
CVSS 7.5
CVE-2023-36281 NOMISEC CRITICAL
langchain < 0.0.312 - Remote Code Execution via load_prompt JSON File
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
by tagomaru
2 stars
CVSS 9.8
CVE-2023-3836 NOMISEC MEDIUM
Dahua Smart Park Management <20230713 - Unrestricted Upload
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by zh-byte
CVSS 6.3
CVE-2023-26256 NOMISEC HIGH
STAGIL Navigation for Jira <2.0.52 - Path Traversal
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
by jcad123
3 stars
CVSS 7.5
CVE-2023-3450 NOMISEC MEDIUM
Ruijie RG-BCR860 2.5.13 - OS Command Injection via Network Diagnostic Page
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by yuanjinyuyuyu
1 stars
CVSS 4.7