Nomisec Exploits

22,804 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by telekom-security
53 stars
CVSS 9.8
CVE-2020-5842 NOMISEC MEDIUM
Codoforum 4.8.3 - Stored Cross-Site Scripting via User Registration Username Field
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
by prasanthc41m
1 stars
CVSS 6.1
CVE-2022-44268 NOMISEC MEDIUM
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
by fanbyprinciple
1 stars
CVSS 6.5
CVE-2023-35885 NOMISEC CRITICAL
CloudPanel 2.0.0-2.3.0 - Unauthenticated Remote Code Execution via File Manager Cookie
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
by datackmy
56 stars
CVSS 9.8
CVE-2023-28121 NOMISEC CRITICAL
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
by C04LA
CVSS 9.8
CVE-2023-37786 NOMISEC MEDIUM
Geeklog 2.2.2 - Stored Cross-Site Scripting via Mail Settings Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.
by Phamchie
1 stars
CVSS 4.8
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by securekomodo
85 stars
CVSS 9.8
CVE-2008-5862 NOMISEC
webcamXP <5.3.2.410 - Path Traversal
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
by K3ysTr0K3R
2 stars
CVE-2010-4231 NOMISEC
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Path Traversal via URI
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by K3ysTr0K3R
3 stars
CVE-2023-28467 NOMISEC MEDIUM
MyBB < 1.8.34 - Stored Cross-Site Scripting via User CP Email Field
In MyBB before 1.8.34, there is XSS in the User CP module via the user email field.
by ahmetaltuntas
4 stars
CVSS 6.1
CVE-2023-32681 NOMISEC MEDIUM
Requests 2.3.0-2.31.0 - Proxy-Authorization Header Leak via HTTPS Redirect
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
by hardikmodha
4 stars
CVSS 6.1
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by seanrdev
4 stars
CVSS 6.5
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by KR0N-SECURITY
1 stars
CVSS 9.8
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by SalehLardhi
11 stars
CVSS 9.8
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by Muhammad-Ali007
CVSS 10.0
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by d0rb
CVSS 9.8
CVE-2023-3519 NOMISEC CRITICAL
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by mr-r3b00t
14 stars
CVSS 9.8
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by Maxwitat
27 stars
CVSS 7.5
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by ToddMaxey
CVSS 7.5
CVE-2023-31753 NOMISEC CRITICAL
eNdonesia 8.7 - SQL Injection via diskusi.php rid Parameter
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
by KIL0BYT3X
CVSS 9.8
CVE-2022-22822 NOMISEC CRITICAL
libexpat < 2.4.3 - Integer Overflow in addBinding
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
by nanopathi
CVSS 9.8
CVE-2021-4034 NOMISEC HIGH
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by Y3A
4 stars
CVSS 7.8
CVE-2021-23017 NOMISEC HIGH
nginx 0.6.18-1.20.0 - Denial of Service via DNS Resolver Off-by-one Error
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
by lakshit1212
1 stars
CVSS 7.7
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by overgrowncarrot1
CVSS 6.5
CVE-2023-34362 NOMISEC CRITICAL
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
by toorandom
1 stars
CVSS 9.8