Nomisec Exploits

22,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-4510 NOMISEC HIGH
binwalk 2.1.2b-2.3.3 - Path Traversal and Remote Code Execution via Malicious PFS Filesystem
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
by adhikara13
14 stars
CVSS 7.8
CVE-2023-34362 NOMISEC CRITICAL
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
by horizon3ai
140 stars
CVSS 9.8
CVE-2015-6967 NOMISEC
Nibbleblog < 4.0.4 - Remote Code Execution via My Image Plugin File Upload
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
by FredBrave
CVE-2022-44268 NOMISEC MEDIUM
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
by adhikara13
2 stars
CVSS 6.5
CVE-2023-34598 NOMISEC CRITICAL
Gibbon v25.0.0 - Local File Inclusion via Path Traversal
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
by Lserein
1 stars
CVSS 9.8
CVE-2023-35844 NOMISEC HIGH
lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
by Lserein
20 stars
CVSS 7.5
CVE-2023-32243 NOMISEC CRITICAL
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
by manavvedawala
CVSS 9.8
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by pashayogi
CVSS 7.8
CVE-2022-44276 NOMISEC CRITICAL
Responsive Filemanager < 9.12.0 - Auth Bypass
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.
by HerrLeStrate
CVSS 9.8
CVE-2022-21907 NOMISEC CRITICAL
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
by cassie0206
CVSS 9.8
CVE-2023-34838 NOMISEC MEDIUM
eScan Management Console 14.0.1400.2281 - Stored Cross-Site Scripting via Description Parameter
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
by sahiloj
1 stars
CVSS 5.4
CVE-2023-34837 NOMISEC MEDIUM
eScan Management Console 14.0.1400.2281 - Cross-Site Scripting via GrpPath Parameter
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
by sahiloj
1 stars
CVSS 5.4
CVE-2023-34836 NOMISEC MEDIUM
eScan Management Console 14.0.1400.2281 - Cross-Site Scripting via Dtltyp and ListName Parameters
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
by sahiloj
1 stars
CVSS 5.4
CVE-2021-45232 NOMISEC CRITICAL
Apache APISIX Dashboard < 2.10.1 - Unauthenticated API Access via Gin Framework Bypass
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
by fany0r
1 stars
CVSS 9.8
CVE-2023-34924 NOMISEC HIGH
H3C Magic B1STW B1STV100R012 - Stack Overflow via SetAPInfoById Function
H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
by ChrisL0tus
CVSS 7.5
CVE-2018-11776 NOMISEC HIGH
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
by sonpt-afk
CVSS 8.1
CVE-2021-46704 NOMISEC CRITICAL
GenieACS <1.2.8 - Command Injection
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
by Erenlancaster
CVSS 9.8
CVE-2023-34598 NOMISEC CRITICAL
Gibbon v25.0.0 - Local File Inclusion via Path Traversal
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
by maddsec
3 stars
CVSS 9.8
CVE-2023-34599 NOMISEC MEDIUM
Gibbon 25.0.0 - Cross-Site Scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.
by maddsec
4 stars
CVSS 6.1
CVE-2022-30136 NOMISEC CRITICAL
Windows Network File System - Remote Code Execution
Windows Network File System Remote Code Execution Vulnerability
by AXRoux
1 stars
CVSS 9.8
CVE-2023-34835 NOMISEC MEDIUM
eScan Management Console 14.0.1400.2281 - Cross-Site Scripting via delete_file Parameter
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
by sahiloj
1 stars
CVSS 5.4
CVE-2023-27997 NOMISEC CRITICAL
FortiOS/FortiProxy SSL-VPN Heap-based Buffer Overflow
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
by puckiestyle
CVSS 9.8
CVE-2023-2579 NOMISEC MEDIUM
InventoryPress < 1.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
by 0xn4d
CVSS 5.4
CVE-2023-27997 NOMISEC CRITICAL
FortiOS/FortiProxy SSL-VPN Heap-based Buffer Overflow
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
by imbas007
1 stars
CVSS 9.8
CVE-2022-33082 NOMISEC HIGH
Open Policy Agent < 0.42.0 - Denial of Service via AST Parser
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
by cyberqueenmeg
CVSS 7.5