Nomisec Exploits

22,806 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-27163 NOMISEC MEDIUM
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
by overgrowncarrot1
CVSS 6.5
CVE-2023-34362 NOMISEC CRITICAL
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
by toorandom
1 stars
CVSS 9.8
CVE-2022-36234 NOMISEC HIGH
SimpleNetwork TCP Server - Memory Corruption
SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.
by Halcy0nic
2 stars
CVSS 7.5
CVE-2023-37771 NOMISEC CRITICAL
Art Gallery Management System 1.0 - SQL Injection via cid Parameter
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
by anky-123
CVSS 9.8
CVE-2023-30765 NOMISEC HIGH
InfraSuite Device Master < 1.0.7 - Privilege Escalation via Improper Access Controls
​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.
by 0xfml
CVSS 8.8
CVE-2023-37582 NOMISEC CRITICAL
Apache RocketMQ - Remote Command Execution
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.
by Malayke
45 stars
CVSS 9.8
CVE-2022-30190 NOMISEC HIGH
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
by Muhammad-Ali007
1 stars
CVSS 7.8
CVE-2022-33980 NOMISEC CRITICAL
Apache Commons Configuration <2.8 - RCE
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
by joseluisinigo
1 stars
CVSS 9.8
CVE-2023-38434 NOMISEC HIGH
xhttp 72f812d - Double Free in close_connection via Malformed HTTP Request Method
xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.
by Halcy0nic
1 stars
CVSS 7.5
CVE-2018-7600 NOMISEC CRITICAL
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
by thehappydinoa
7 stars
CVSS 9.8
CVE-2017-0148 NOMISEC HIGH
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
by HakaKali
CVSS 8.1
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by tarraschk
15 stars
CVSS 7.5
CVE-2023-36884 NOMISEC HIGH
Microsoft Windows Search - Remote Code Execution
Windows Search Remote Code Execution Vulnerability
by or2me
CVSS 7.5
CVE-2022-44268 NOMISEC MEDIUM
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
by narekkay
2 stars
CVSS 6.5
CVE-2023-32117 NOMISEC CRITICAL
SoftLab Integrate Google Drive - Info Disclosure
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.
by RandomRobbieBF
6 stars
CVSS 9.8
CVE-2023-3640 NOMISEC HIGH
Linux Kernel - Unauthorized Memory Access via Per-CPU Entry Area Mapping
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
by pray77
29 stars
CVSS 7.0
CVE-2021-21311 NOMISEC HIGH
Adminer 4.0.0-4.7.8 - Server-Side Request Forgery
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
by omoknooni
3 stars
CVSS 7.2
CVE-2020-14882 NOMISEC CRITICAL
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Danny-LLi
2 stars
CVSS 9.8
CVE-2021-40449 NOMISEC HIGH
Windows 10 1507-21H1, Windows 11, Windows Server 2004-2019 - Use-After-Free in Win32k
Win32k Elevation of Privilege Vulnerability
by toanthang1842002
CVSS 7.8
CVE-2019-7609 NOMISEC CRITICAL
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
by d0x-awrqxavc
CVSS 10.0
CVE-2019-7609 NOMISEC CRITICAL
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
by OliveiraaX
CVSS 10.0
CVE-2018-16763 NOMISEC CRITICAL
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by VitoBonetti
CVSS 9.8
CVE-2023-21746 NOMISEC HIGH
Windows NTLM - Privilege Escalation
Windows NTLM Elevation of Privilege Vulnerability
by Muhammad-Ali007
3 stars
CVSS 7.8
CVE-2023-20110 NOMISEC MEDIUM
Cisco Smart Software Manager On-Prem < 8-202303 - Authenticated SQL Injection
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.
by redfr0g
16 stars
CVSS 6.5
CVE-2023-33768 NOMISEC MEDIUM
Belkin Wemo Smart Plug WSP080 <1.2 - DoS
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
by purseclab
1 stars
CVSS 6.5