Nomisec Exploits

22,803 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-2033 NOMISEC HIGH
Google Chrome < 112.0.5615.121 - Remote Code Execution via V8 Type Confusion
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by sandumjacob
19 stars
CVSS 8.8
CVE-2021-34621 NOMISEC CRITICAL
ProfilePress 3.0.0-3.1.3 - Unauthenticated Privilege Escalation via Registration
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
by K3ysTr0K3R
CVSS 9.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by cowsecurity
CVSS 6.5
CVE-2022-44268 NOMISEC MEDIUM
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
by chairat095
2 stars
CVSS 6.5
CVE-2017-3164 NOMISEC HIGH
Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
by tdwyer
2 stars
CVSS 7.5
CVE-2023-36899 NOMISEC HIGH
.NET Framework - Elevation of Privilege via ASP.NET
ASP.NET Elevation of Privilege Vulnerability
by d0rb
4 stars
CVSS 8.8
CVE-2021-41773 NOMISEC CRITICAL
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by belajarqywok
6 stars
CVSS 9.8
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by robotmikhro
27 stars
CVSS 9.8
CVE-2020-10128 NOMISEC MEDIUM
SearchBlox < 9.2.1 - Stored Cross-Site Scripting via Multiple User Input Parameters
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.
by InfoSec4Fun
CVSS 5.4
CVE-2020-10131 NOMISEC CRITICAL
SearchBlox < 9.2.1 - CSV Macro Injection via Featured Results Parameter
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
by InfoSec4Fun
CVSS 9.8
CVE-2020-10132 NOMISEC MEDIUM
SearchBlox < 9.1 - Cross-Site Scripting via CORS Misconfiguration
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
by InfoSec4Fun
CVSS 6.1
CVE-2020-10130 NOMISEC HIGH
SearchBlox < 9.1 - Unauthenticated Business Logic Bypass for Super Admin Creation
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
by InfoSec4Fun
CVSS 8.8
CVE-2020-10129 NOMISEC HIGH
SearchBlox < 9.2.1 - Privilege Escalation to Admin
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.
by InfoSec4Fun
CVSS 8.8
CVE-2023-4174 NOMISEC LOW
mooSocial mooStore 3.1.6 - Cross-Site Scripting
A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.
by d0rb
CVSS 3.5
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by d0rb
1 stars
CVSS 9.8
CVE-2023-37068 NOMISEC CRITICAL
Gym Management System V1.0 - SQL Injection via Login Form
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.
by riteshs4hu
CVSS 9.8
CVE-2023-38646 NOMISEC CRITICAL
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
by raytheon0x21
CVSS 9.8
CVE-2023-4460 NOMISEC MEDIUM
Uploading SVG, WEBP and ICO files < 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG Upload
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
by 0xn4d
CVSS 5.4
CVE-2023-39526 NOMISEC CRITICAL
PrestaShop <1.7.8.10, 8.0.5, <8.1.1 - Remote Code Execution via SQL Injection and Arbitrary File Write
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
by dnkhack
3 stars
CVSS 9.1
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by rwincey
1 stars
CVSS 9.8
CVE-2023-34312 NOMISEC HIGH
Tencent QQ <9.7.8.29039 & TIM <3.4.7.22084 - Memory Corruption
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.
by lan1oc
8 stars
CVSS 7.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by rvzsec
2 stars
CVSS 6.5
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by rvizx
2 stars
CVSS 6.5
CVE-2021-24356 NOMISEC HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Authenticated Arbitrary Plugin Activation via AJAX Action
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
by RandomRobbieBF
CVSS 8.8
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by entr0pie
30 stars
CVSS 6.5