Nomisec Exploits

22,809 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-29336 NOMISEC HIGH
Windows 10 1507 < 10.0.10240.19926 and 1607 < 10.0.14393.5921 - Use-After-Free in Win32k
Win32k Elevation of Privilege Vulnerability
by m-cetin
21 stars
CVSS 7.8
CVE-2018-16763 NOMISEC CRITICAL
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by antisecc
CVSS 9.8
CVE-2023-34960 NOMISEC CRITICAL
Chamilo unauthenticated command injection in PowerPoint upload
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
by Aituglo
34 stars
CVSS 9.8
CVE-2022-41828 NOMISEC HIGH
Amazon AWS Redshift JDBC Driver <2.1.0.8 - Code Injection
In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
by murataydemir
4 stars
CVSS 8.1
CVE-2023-32353 NOMISEC HIGH
iTunes < 12.12.9 - Privilege Escalation
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
by 86x
34 stars
CVSS 7.8
CVE-2022-0439 NOMISEC HIGH
Email Subscribers & Newsletters <5.3.2 - SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.
by RandomRobbieBF
1 stars
CVSS 8.8
CVE-2023-22809 NOMISEC HIGH
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
by hello4r1end
CVSS 7.8
CVE-2020-27786 NOMISEC HIGH
Linux Kernel < 4.4.224 - Use-After-Free in MIDI ioctl Handler
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
by Trinadh465
CVSS 7.8
CVE-2021-42013 NOMISEC CRITICAL
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
by cybfar
1 stars
CVSS 9.8
CVE-2023-51504 NOMISEC MEDIUM
Dan's Embedder for Google Calendar <1.2 - XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.
by Sybelle03
CVSS 6.5
CVE-2021-43617 NOMISEC CRITICAL
Laravel Framework <8.70.2 - Code Injection
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
by Sybelle03
1 stars
CVSS 9.8
CVE-2012-1495 NOMISEC CRITICAL
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
by axelbankole
CVSS 9.8
CVE-2023-23638 NOMISEC MEDIUM
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
by P4x1s
CVSS 5.0
CVE-2021-21972 NOMISEC CRITICAL
VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
by NS-Sp4ce
500 stars
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
by dbgee
CVSS 9.8
CVE-2023-21971 NOMISEC MEDIUM
Oracle MySQL Connector/J <8.0.32 - Privilege Escalation
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
by Avento
3 stars
CVSS 5.3
CVE-2023-23488 NOMISEC CRITICAL
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
by cybfar
1 stars
CVSS 9.8
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by Malayke
104 stars
CVSS 9.8
CVE-2023-33829 NOMISEC MEDIUM
Cloudogu GmbH SCM Manager <1.60 - XSS
A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
by P4x1s
3 stars
CVSS 5.4
CVE-2023-34362 NOMISEC CRITICAL
MOVEit SQL Injection vulnerability
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
by deepinstinct
2 stars
CVSS 9.8
CVE-2023-33477 NOMISEC MEDIUM
Harmonic NSG 9000-6G - Info Disclosure
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
by Skr11lex
CVSS 6.5
CVE-2021-22911 NOMISEC CRITICAL
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by MrDottt
CVSS 9.8
CVE-2023-2114 NOMISEC HIGH
NEX-Forms < 8.4 - SQL Injection via Table Parameter
The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.
by SchmidAlex
2 stars
CVSS 7.2
CVE-2021-31956 NOMISEC HIGH
Windows NTFS - Elevation of Privilege via Integer Underflow
Windows NTFS Elevation of Privilege Vulnerability
by hoangprod
4 stars
CVSS 7.8
CVE-2023-32243 NOMISEC CRITICAL
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
by RandomRobbieBF
81 stars
CVSS 9.8