Nomisec Exploits

22,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-13995 NOMISEC CRITICAL
U.S. Air Force Sensor Data Management System extract75 - Out-of-bounds Write via Untrusted NITF File
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.
by dbrumley
CVSS 9.8
CVE-2022-0441 NOMISEC CRITICAL
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
by tegal1337
1 stars
CVSS 9.8
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by P4x1s
3 stars
CVSS 9.8
CVE-2023-33381 NOMISEC HIGH
MitraStar GPT-2741GNAC - Command Injection
A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.
by duality084
13 stars
CVSS 7.2
CVE-2023-28218 NOMISEC HIGH
Windows Ancillary Function Driver for WinSock - Elevation of Privilege
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by ahiahai242
1 stars
CVSS 7.0
CVE-2023-28218 NOMISEC HIGH
Windows Ancillary Function Driver for WinSock - Elevation of Privilege
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
by h1bAna
1 stars
CVSS 7.0
CVE-2020-11890 NOMISEC MEDIUM
Joomla! < 3.9.17 - Improper Input Validation in Usergroup Table
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
by HoangKien1020
62 stars
CVSS 5.3
CVE-2021-33690 NOMISEC CRITICAL
SAP NetWeaver Development Infrastructure Component Build Service 7.11-7.50 - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.
by redrays-io
CVSS 9.9
CVE-2020-17087 NOMISEC HIGH
Windows Kernel - Privilege Escalation
Windows Kernel Local Elevation of Privilege Vulnerability
by raiden757
CVSS 7.8
CVE-2019-0708 NOMISEC CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by davidfortytwo
CVSS 9.8
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by SuperZero
112 stars
CVSS 9.8
CVE-2023-33732 NOMISEC MEDIUM
Microworld Technologies eScan mgmt console 14.0.1400.2281 - XSS
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
by sahiloj
1 stars
CVSS 6.1
CVE-2023-33246 NOMISEC CRITICAL
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
by 4mazing
2 stars
CVSS 9.8
CVE-2022-29455 NOMISEC MEDIUM
Elementor Website Builder <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
by tucommenceapousser
CVSS 4.7
CVE-2022-29455 NOMISEC MEDIUM
Elementor Website Builder <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
by tucommenceapousser
CVSS 4.7
CVE-2010-2075 NOMISEC
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
by FredBrave
1 stars
CVE-2023-28244 NOMISEC HIGH
Windows Server 2008, 2012, 2016, 2019, 2022 - Elevation of Privilege via Kerberos
Windows Kerberos Elevation of Privilege Vulnerability
by sk3w
2 stars
CVSS 8.1
CVE-2023-3009 NOMISEC MEDIUM
nilsteampassnet/teampass <3.0.9 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
by mnqazi
CVSS 5.4
CVE-2023-2002 NOMISEC MEDIUM
Linux Kernel < 6.4 - Unauthorized Bluetooth Management Command Execution via HCI Sockets
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
by lrh2000
85 stars
CVSS 6.8
CVE-2023-32243 NOMISEC CRITICAL
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
by gbrsh
3 stars
CVSS 9.8
CVE-2023-28121 NOMISEC CRITICAL
WooCommerce Payments < 4.8.2 and WooPayments < 5.6.2 - Unauthenticated Privilege Escalation via Request Forgery
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
by gbrsh
42 stars
CVSS 9.8
CVE-2022-20493 NOMISEC HIGH
Android - Local Privilege Escalation via Notification Access Input Validation
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316
by Trinadh465
CVSS 7.8
CVE-2022-23773 NOMISEC HIGH
GO < 1.16.14 - Interpretation Conflict
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
by YouShengLiu
CVSS 7.5
CVE-2020-0601 NOMISEC HIGH
Windows 10 and Windows Server - Certificate Spoofing via ECC Certificate Validation
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
by Hans-MartinHannibalLauridsen
1 stars
CVSS 8.1
CVE-2023-33731 NOMISEC MEDIUM
Microworld Technologies eScan <14.0.1400.2281 - XSS
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
by sahiloj
1 stars
CVSS 6.1