Nomisec Exploits

22,814 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-33617 NOMISEC HIGH
Parks Fiberlink 210 <V2.1.14_X000 - Command Injection
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.
by tucommenceapousser
1 stars
CVSS 7.2
CVE-2022-22963 NOMISEC CRITICAL
Spring Cloud Function < 3.1.6 - Remote Code Execution via SpEL Routing Expression
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
by nikn0laty
CVSS 9.8
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by Anandhu990
CVSS 6.1
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by kuttappu123
1 stars
CVSS 6.1
CVE-2023-30145 NOMISEC CRITICAL
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
by paragbagul111
7 stars
CVSS 9.8
CVE-2021-22555 NOMISEC HIGH
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
by masjohncook
1 stars
CVSS 8.3
CVE-2023-29839 NOMISEC MEDIUM
HotelDruid 3.0.4 - Stored Cross-Site Scripting via Document Surname Name or Nickname Fields
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
by jichngan
1 stars
CVSS 5.4
CVE-2023-25292 NOMISEC MEDIUM
Group-Office 6.6.145 - Reflected Cross-Site Scripting via GO_LANGUAGE Cookie
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
by tucommenceapousser
CVSS 6.1
CVE-2019-19492 NOMISEC CRITICAL
FreeSWITCH <1.10.1 - Info Disclosure
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
by Chocapikk
3 stars
CVSS 9.8
CVE-2023-30212 NOMISEC MEDIUM
ourphp <= 7.2.0 - Cross-Site Scripting via /client/manage/ourphp_out.php
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
by Rishipatidar
1 stars
CVSS 6.1
CVE-2023-2732 NOMISEC CRITICAL
MStore API < 3.9.2 - Unauthenticated Authentication Bypass via Listing REST API
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
by RandomRobbieBF
6 stars
CVSS 9.8
CVE-2007-5962 NOMISEC
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by antogit-sys
1 stars
CVE-2023-29923 NOMISEC MEDIUM
PowerJob V4.3.1 - Insecure Permissions via List Job Interface
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
by P4x1s
3 stars
CVSS 5.3
CVE-2022-4616 NOMISEC HIGH
Delta DX-3021 <1.24 - Command Injection
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.
by ahanel13
CVSS 7.2
CVE-2019-8341 NOMISEC CRITICAL
Jinja2 - Server-Side Template Injection via from_string Function
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
by adindrabkin
CVSS 9.8
CVE-2023-32243 NOMISEC CRITICAL
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
by YouGina
CVSS 9.8
CVE-2023-31747 NOMISEC HIGH
Wondershare Filmora <12.2.1.2088 - Privilege Escalation
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
by msd0pe-1
CVSS 7.8
CVE-2023-32162 NOMISEC HIGH
Wacom Drivers for Windows - Local Privilege Escalation via WacomInstallI.txt File Permissions
Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318.
by LucaBarile
CVSS 7.8
CVE-2023-32163 NOMISEC HIGH
Wacom Drivers for Windows - Local Privilege Escalation via Symbolic Link
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
by LucaBarile
2 stars
CVSS 7.8
CVE-2023-2859 NOMISEC HIGH
nilsteampassnet/teampass <3.0.9 - Code Injection
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
by mnqazi
CVSS 8.8
CVE-2023-2591 NOMISEC MEDIUM
TeamPass < 3.0.7 - Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
by mnqazi
CVSS 5.4
CVE-2023-2516 NOMISEC MEDIUM
TeamPass < 3.0.7 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
by mnqazi
CVSS 5.4
CVE-2020-2023 NOMISEC LOW
Kata Containers <1.11.1, <1.10.5, <=1.9 - Remote Code Execution
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.
by ssst0n3
3 stars
CVSS 3.8
CVE-2023-31726 NOMISEC HIGH
AList 3.15.1 - Incorrect Access Control
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
by J6451
3 stars
CVSS 7.5
CVE-2023-31595 NOMISEC HIGH
IC Realtime ICIP-P2012T <2.420 - Info Disclosure
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
by Yozarseef95
CVSS 7.5