Nomisec Exploits

22,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-20887 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
by sinsinology
232 stars
CVSS 9.8
CVE-2017-8464 NOMISEC HIGH
Windows Shell - Remote Code Execution via Crafted .LNK File
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
by tuankiethkt020
CVSS 8.8
CVE-2020-10199 NOMISEC HIGH
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
by hugosg97
CVSS 8.8
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by f0ng
840 stars
CVSS 10.0
CVE-2023-0386 NOMISEC HIGH
Local Privilege Escalation via CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
by xkaneiki
412 stars
CVSS 7.8
CVE-2022-46689 NOMISEC HIGH
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
by straight-tamago
150 stars
CVSS 7.0
CVE-2023-33253 NOMISEC HIGH
LabCollector 6.0-6.15 - Authenticated Remote Code Execution via Message Function File Upload
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
by Toxich4
4 stars
CVSS 8.8
CVE-2022-3590 NOMISEC MEDIUM
WordPress 4.2-6.1.1 - Unauthenticated Blind SSRF via Pingback TOCTOU Race Condition
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
by hxlxmj
8 stars
CVSS 5.9
CVE-2023-2008 NOMISEC HIGH
Linux Kernel < 5.19 - Privilege Escalation via udmabuf Fault Handler Array Index Validation
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
by bluefrostsecurity
40 stars
CVSS 7.8
CVE-2023-34965 NOMISEC MEDIUM
SSPanel-Uim 2023.3 - Incorrect Authorization in /link/ Interface
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.
by AgentY0
3 stars
CVSS 5.3
CVE-2023-0630 NOMISEC HIGH
Slimstat Analytics < 4.9.3.3 - Authenticated SQL Injection via Shortcode Attribute Concatenation
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
by RandomRobbieBF
2 stars
CVSS 8.8
CVE-2023-23752 NOMISEC MEDIUM
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
by Ge-Per
CVSS 5.3
CVE-2014-2321 NOMISEC
ZTE F460 and F660 - Unauthenticated Remote Command Execution via web_shell_cmd.gch
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
by injectionmethod
CVE-2023-25157 NOMISEC CRITICAL
GeoServer < 2.18.7 and 2.18.7-2.21.4 - SQL Injection via OGC Filter and CQL Expressions
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
by murataydemir
14 stars
CVSS 9.8
CVE-2022-22274 NOMISEC CRITICAL
SonicOS < 7.0.1-5050 and SonicOSv < 6.5.4.4-44v-21-1452 - Unauthenticated Stack-based Buffer Overflow via HTTP Request
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
by forthisvideo
CVSS 9.8
CVE-2022-45025 NOMISEC CRITICAL
Markdown Preview Enhanced - OS Command Injection via PDF File Import
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.
by andyhsu024
CVSS 9.8
CVE-2022-41034 NOMISEC HIGH
Visual Studio Code < 1.72.1 - Remote Code Execution
Visual Studio Code Remote Code Execution Vulnerability
by andyhsu024
CVSS 7.8
CVE-2021-22911 NOMISEC CRITICAL
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by CsEnox
59 stars
CVSS 9.8
CVE-2023-29489 NOMISEC MEDIUM
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
by tucommenceapousser
CVSS 5.3
CVE-2023-29489 NOMISEC MEDIUM
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
by tucommenceapousser
CVSS 5.3
CVE-2023-31541 NOMISEC CRITICAL
CKEditor v1.2.3 - Unrestricted File Upload via Browse and Upload Images Feature
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
by DreamD2v
2 stars
CVSS 9.8
CVE-2022-42045 NOMISEC MEDIUM
Zemana AntiMalware and Watchdog Anti-Malware - Arbitrary Code Injection
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.
by ReCryptLLC
39 stars
CVSS 6.7
CVE-2023-3163 NOMISEC LOW
RuoYi < 4.7.7 - Uncontrolled Resource Consumption via filterKeyword Function
A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.
by George0Papasotiriou
4 stars
CVSS 3.5
CVE-2023-25157 NOMISEC CRITICAL
GeoServer < 2.18.7 and 2.18.7-2.21.4 - SQL Injection via OGC Filter and CQL Expressions
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.
by 0x2458bughunt
10 stars
CVSS 9.8
CVE-2023-34096 NOMISEC MEDIUM
Thruk < 3.06.2 - Path Traversal via Panorama Location Parameter
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
by galoget
1 stars
CVSS 6.5