Nomisec Exploits

22,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-33405 NOMISEC MEDIUM
Blogengine.net <3.3.8.0 - Open Redirect
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
by hacip
CVSS 6.1
CVE-2023-33404 NOMISEC CRITICAL
BlogEngine.NET < 3.3.8.0 - Remote Code Execution via Insufficient Upload Validation
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
by hacip
CVSS 9.8
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by arunsnap
CVSS 6.1
CVE-2023-33476 NOMISEC CRITICAL
ReadyMedia (MiniDLNA) <1.3.2 - Buffer Overflow
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.
by mellow-hype
19 stars
CVSS 9.8
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by JasaluRah
CVSS 6.1
CVE-2023-20126 NOMISEC CRITICAL
Cisco SPA112 2-Port Phone Adapters - Unauthenticated Remote Code Execution via Firmware Upgrade Function
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.
by fullspectrumdev
24 stars
CVSS 9.8
CVE-2021-30357 NOMISEC MEDIUM
SSL Network Extender Client <build 800008302 - Info Disclosure
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
by joaovarelas
6 stars
CVSS 5.3
CVE-2023-1454 NOMISEC MEDIUM
jeecg-boot 3.5.0 - SQL Injection via apiSelectId Parameter
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
by Sweelg
21 stars
CVSS 6.3
CVE-2023-32233 NOMISEC HIGH
Linux Kernel 3.13-6.3.1 - Use-After-Free in Netfilter nf_tables via Anonymous Set Mishandling
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
by oferchen
49 stars
CVSS 7.8
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by Chan9Yan9
2 stars
CVSS 7.8
CVE-2021-22911 NOMISEC CRITICAL
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by overgrowncarrot1
CVSS 9.8
CVE-2023-2833 NOMISEC HIGH
ReviewX plugin <1.6.13 - Privilege Escalation
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
by Alucard0x1
1 stars
CVSS 8.8
CVE-2023-34830 NOMISEC MEDIUM
i-doit < 24 - Reflected Cross-Site Scripting via Login Page Timeout Parameter
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
by leekenghwa
3 stars
CVSS 5.4
CVE-2018-19320 NOMISEC HIGH
GIGABYTE APP Center <1.05.21 - Memory Corruption
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
by hmnthabit
10 stars
CVSS 7.8
CVE-2008-6806 NOMISEC
7shop < 1.1 - Unauthenticated Arbitrary File Upload via Image Upload
Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
by threatcode
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by imathewvincent
CVSS 6.1
CVE-2023-34362 NOMISEC CRITICAL
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
by kenbuckler
6 stars
CVSS 9.8
CVE-2023-28810 NOMISEC MEDIUM
Access Control/Intercom < - Info Disclosure
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
by skylightcyber
CVSS 4.3
CVE-2019-6340 NOMISEC HIGH
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by knqyf263
42 stars
CVSS 8.1
CVE-2023-24078 NOMISEC HIGH
FuguHub < 8.1 - Remote Code Execution via CMS Docs Component
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
by overgrowncarrot1
7 stars
CVSS 8.8
CVE-2023-33817 NOMISEC HIGH
HotelDruid 3.0.5 - SQL Injection
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
by leekenghwa
1 stars
CVSS 8.8
CVE-2022-44666 NOMISEC HIGH
Windows Contacts - Remote Code Execution
Windows Contacts Remote Code Execution Vulnerability
by j00sean
155 stars
CVSS 7.8
CVE-2022-32250 NOMISEC HIGH
Linux Kernel 4.1-5.18.1 - Use-After-Free in nf_tables_api.c
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
by theori-io
177 stars
CVSS 7.8
CVE-2023-20178 NOMISEC HIGH
Cisco AnyConnect Secure Mobility Client and Secure Client - Privilege Escalation
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
by Wh04m1001
90 stars
CVSS 7.8
CVE-2023-29343 NOMISEC HIGH
SysInternals Sysmon - Privilege Escalation
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
by Wh04m1001
161 stars
CVSS 7.8