Nomisec Exploits

22,842 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-27842 NOMISEC HIGH
eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
by cowsecurity
2 stars
CVSS 8.8
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by g1vi
CVSS 9.8
CVE-2023-27587 NOMISEC HIGH
readtomyshoe < 2023-03-13 - Sensitive Information Exposure via Google Cloud TTS Error Message
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
by vagnerd
5 stars
CVSS 7.4
CVE-2023-23397 NOMISEC CRITICAL
Microsoft Outlook - Privilege Escalation
Microsoft Outlook Elevation of Privilege Vulnerability
by P4x1s
3 stars
CVSS 9.8
CVE-2023-26692 NOMISEC MEDIUM
ZCBS/ZBBS/ZPBS 4.14k - Cross-Site Scripting
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).
by bigzooooz
1 stars
CVSS 6.1
CVE-2020-24815 NOMISEC MEDIUM
MicroStrategy 10.4/2019/2020 - Authenticated PDF Export Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.
by darkvirus-7x
1 stars
CVSS 6.5
CVE-2023-28447 NOMISEC HIGH
Smarty < 3.1.48 and >=4.0.0 <4.3.1 - Cross-Site Scripting
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.
by drkbcn
2 stars
CVSS 7.1
CVE-2022-32199 NOMISEC MEDIUM
ScriptCase < 9.9.008 - Authenticated Arbitrary File Deletion via db_convert.php File Parameter
db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.
by Toxich4
1 stars
CVSS 6.5
CVE-2014-6271 NOMISEC CRITICAL
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Brandaoo
CVSS 9.8
CVE-2019-11932 NOMISEC HIGH
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by 0759104103
CVSS 8.8
CVE-2017-2751 NOMISEC MEDIUM
HP Consumer Notebook Firmware < F.72 - Insufficiently Protected BIOS Credentials
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
by BaderSZ
1 stars
CVSS 4.6
CVE-2019-5603 NOMISEC HIGH
FreeBSD mqueuefs Improper Resource Shutdown or Release
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
by raymontag
1 stars
CVSS 7.8
CVE-2019-5596 NOMISEC HIGH
FreeBSD 11.2-STABLE, 12.0-STABLE < r343781, 12.0-RELEASE < p3 - Privilege Escalation via UNIX Domain Socket
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
by raymontag
1 stars
CVSS 8.8
CVE-2023-24998 NOMISEC HIGH
Apache Commons FileUpload < 1.5 - Denial of Service via Unlimited Request Parts
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
by nice1st
4 stars
CVSS 7.5
CVE-2023-26984 NOMISEC HIGH
Peppermint <0.2.4 - Info Disclosure
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
by bypazs
CVSS 8.1
CVE-2023-26982 NOMISEC MEDIUM
Trudesk v1.2.6 - Stored Cross-Site Scripting via Add Tags Parameter
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
by bypazs
CVSS 5.4
CVE-2023-28432 NOMISEC HIGH
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
by Cuerz
10 stars
CVSS 7.5
CVE-2023-23397 NOMISEC CRITICAL
Microsoft Outlook - Privilege Escalation
Microsoft Outlook Elevation of Privilege Vulnerability
by jacquesquail
CVSS 9.8
CVE-2021-29447 NOMISEC HIGH
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
by thomas-osgood
3 stars
CVSS 7.1
CVE-2017-7525 NOMISEC CRITICAL
jackson-databind <2.6.7.1, <2.7.9.1, <2.8.9 - Code Injection
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
by Dannners
1 stars
CVSS 9.8
CVE-2021-26855 NOMISEC CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by kh4sh3i
10 stars
CVSS 9.1
CVE-2023-27532 NOMISEC HIGH
Veeam Backup & Replication < 11.0.1.1261 - Unauthenticated Credential Disclosure
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
by horizon3ai
71 stars
CVSS 7.5
CVE-2022-45003 NOMISEC HIGH
gophish < 0.12.1 - Denial of Service via Autofocus Payload
Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.
by mha98
CVSS 7.5
CVE-2022-45004 NOMISEC MEDIUM
Gophish <= 0.12.1 - Stored Cross-Site Scripting via Crafted Landing Page
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.
by mha98
CVSS 6.1
CVE-2003-0172 NOMISEC
PHP 4.3.1 - Buffer Overflow in openlog Function
Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
by cyberdesu