Nomisec Exploits

22,803 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-15896 NOMISEC CRITICAL
LifterLMS <3.34.5 - Privilege Escalation
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.
by RandomRobbieBF
CVSS 9.8
CVE-2022-24637 NOMISEC CRITICAL
Open Web Analytics <1.7.4 - Info Disclosure
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
by 0xRyuk
1 stars
CVSS 9.8
CVE-2022-2588 NOMISEC MEDIUM
Linux Kernel < 4.9.326 - Use-After-Free in cls_route Filter Implementation
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
by veritas501
11 stars
CVSS 5.3
CVE-2023-36874 NOMISEC HIGH
Windows Error Reporting Service - Privilege Escalation
Windows Error Reporting Service Elevation of Privilege Vulnerability
by crisprss
2 stars
CVSS 7.8
CVE-2023-21554 NOMISEC CRITICAL
CVE-2023-21554 - QueueJumper - MSMQ RCE Check
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
by 3tternp
24 stars
CVSS 9.8
CVE-2018-9995 NOMISEC CRITICAL
TBK DVR4104 and DVR4216 - Unauthenticated Authentication Bypass via Cookie Header
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by K3ysTr0K3R
8 stars
CVSS 9.8
CVE-2023-29409 NOMISEC MEDIUM
GO < 1.19.12 - Denial of Service
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
by mateusz834
1 stars
CVSS 5.3
CVE-2023-5546 NOMISEC MEDIUM
Moodle 4.0.0-4.0.10 and <4.3.0-rc2 - Stored Cross-Site Scripting in Quiz Grading Report ID Numbers
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
by obelia01
CVSS 4.3
CVE-2023-20562 NOMISEC HIGH
AMD uProf < 4.1.396 - Authenticated Arbitrary Kernel Execution via IOCTL Input Buffer
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
by passwa11
4 stars
CVSS 7.8
CVE-2023-20562 NOMISEC HIGH
AMD uProf < 4.1.396 - Authenticated Arbitrary Kernel Execution via IOCTL Input Buffer
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
by zeze-zeze
61 stars
CVSS 7.8
CVE-2021-3560 NOMISEC HIGH
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
by pashayogi
CVSS 7.8
CVE-2021-22555 NOMISEC HIGH
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
by pashayogi
CVSS 8.3
CVE-2021-34527 NOMISEC HIGH
Windows Print Spooler - Remote Code Execution via Privileged File Operations
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p> <p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p> <ul> <li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li> <li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li> <li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li> </ul> <p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p> <p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href="https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p> <p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>
by d0rb
CVSS 8.8
CVE-2023-37979 NOMISEC HIGH
Ninja Forms < 3.6.26 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
by d0rb
2 stars
CVSS 7.1
CVE-2023-39708 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add New Parameter
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.
by Arajawat007
CVSS 6.1
CVE-2023-39707 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Expense Parameter
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.
by Arajawat007
CVSS 5.4
CVE-2023-39714 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored XSS via Name, Address, and Company Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section.
by Arajawat007
CVSS 6.1
CVE-2023-39712 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored XSS via Name, Address, and Company Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.
by Arajawat007
CVSS 6.1
CVE-2023-39709 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Member Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.
by Arajawat007
CVSS 6.1
CVE-2023-39711 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Subtotal and Paidbill Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.
by Arajawat007
CVSS 6.1
CVE-2023-39710 NOMISEC MEDIUM
Free and Open Source Inventory Management System 1.0 - Stored Cross-Site Scripting via Add Customer Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
by Arajawat007
CVSS 6.1
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by kh4sh3i
8 stars
CVSS 9.8
CVE-2023-24329 NOMISEC HIGH
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
by Pandante-Central
CVSS 7.5
CVE-2023-38890 NOMISEC HIGH
Online Shopping Portal Project 3.1 - SQL Injection
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
by akshadjoshi
CVSS 8.8
CVE-2022-45808 NOMISEC CRITICAL
LearnPress - WordPress LMS Plugin <= 4.1.7.3.2 - SQL Injection
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
by RandomRobbieBF
CVSS 9.9