Nomisec Exploits

21,883 exploits tracked across all sources.

CVE-2023-21768 NOMISEC HIGH
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by cl4ym0re
27 stars
CVSS 7.8
CVE-2017-1000251 NOMISEC HIGH
Linux Kernel <4.14 - RCE
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.
by hayzamjs
17 stars
CVSS 8.0
CVE-2019-15107 NOMISEC CRITICAL
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by wenruoya
2 stars
CVSS 9.8
CVE-2023-21716 NOMISEC CRITICAL
Microsoft Word - RCE
Microsoft Word Remote Code Execution Vulnerability
by P4x1s
CVSS 9.8
CVE-2022-47986 NOMISEC CRITICAL
IBM Aspera Faspex < 4.4.1 - Insecure Deserialization
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
by mauricelambert
1 star
CVSS 9.8
CVE-2022-2588 NOMISEC MEDIUM
Linux kernel - Use After Free
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
by dom4570
CVSS 5.3
CVE-2006-3392 NOMISEC
Webmin <1.290 - Info Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
by IvanGlinkin
14 stars
CVE-2022-1386 NOMISEC CRITICAL
Fusion Builder < 3.6.2 - SSRF
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
by ardzz
9 stars
CVSS 9.8
CVE-2022-4395 NOMISEC CRITICAL
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
by MrG3P5
7 stars
CVSS 9.8
CVE-2021-22205 NOMISEC CRITICAL
Gitlab < 13.8.8 - Code Injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
by sei-fish
CVSS 10.0
CVE-2021-1732 NOMISEC HIGH
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
by 4dp
4 stars
CVSS 7.8
CVE-2023-22551 NOMISEC HIGH
FTP < 2012-03-28 - Denial of Service
The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not.
by viswagb
CVSS 7.5
CVE-2007-2447 NOMISEC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by bdunlap9
CVE-2025-24293 NOMISEC CRITICAL
Rubygems Activestorage < 8.0.2.1 - Command Injection
Active Storage allowed transformation methods potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults, which enables potential command injection vulnerabilities in cases where arbitrary user-supplied input is accepted as valid transformation methods or parameters.

Impact

This vulnerability impacts applications that use Active Storage with the image_processing gem in addition to mini_magick as the image processor. Vulnerable code will look something like this:

```
<%= image_tag blob.variant(params[:t] => params[:v]) %>
```

where the transformation method or its arguments are untrusted arbitrary input. All users running an affected release should either upgrade or use one of the workarounds immediately.

Workarounds

Consuming user-supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous. Strict validation of user-supplied methods and parameters should be performed, as well as having a strong ImageMagick security policy (https://imagemagick.org/script/security-policy.php) deployed.

Credits

Thank you lio346 (https://hackerone.com/lio346) for reporting this!
by usutani
CVE-2024-26144 NOMISEC MEDIUM
Rails < 6.1.7.7 - Information Disclosure
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.
by usutani
CVSS 5.3
CVE-2022-21831 NOMISEC CRITICAL
Rubyonrails Active Storage < 5.2.6.3 - Code Injection
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
by usutani
CVSS 9.8
CVE-2020-8162 NOMISEC HIGH
Rails <5.2.4.2, <6.0.3.1 - Info Disclosure
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
by usutani
CVSS 7.5
CVE-2022-1386 NOMISEC CRITICAL
Fusion Builder < 3.6.2 - SSRF
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
by im-hanzou
6 stars
CVSS 9.8
CVE-2023-24055 NOMISEC MEDIUM
KeePass <2.53 - Info Disclosure
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
by Cyb3rtus
1 star
CVSS 5.5
CVE-2023-21716 NOMISEC CRITICAL
Microsoft Word - RCE
Microsoft Word Remote Code Execution Vulnerability
by Xnuvers007
46 stars
CVSS 9.8
CVE-2023-23752 NOMISEC MEDIUM
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by adriyansyah-mf
CVSS 5.3
CVE-2023-25136 NOMISEC MEDIUM
Openbsd Openssh - Double Free
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
by Christbowel
106 stars
CVSS 6.5
CVE-2022-35649 NOMISEC CRITICAL
Moodle - RCE
The vulnerability, found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running Ghostscript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
by antoinenguyen-09
CVSS 9.8
CVE-2023-21716 NOMISEC CRITICAL
Microsoft Word - RCE
Microsoft Word Remote Code Execution Vulnerability
by FeatherStark
4 stars
CVSS 9.8
CVE-2013-1763 NOMISEC
Linux Kernel < 3.4.34 - Improper Input Validation
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by qkrtjsrbs315