Nomisec Exploits

21,918 exploits tracked across all sources.

CVE-2020-5014 NOMISEC MEDIUM
IBM Datapower Gateway < 10.0.1.1 - SSRF
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. IBM X-Force ID: 193247.
by copethomas
2 stars
CVSS 6.7
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by MrCl0wnLab
6 stars
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by SecTheBit
2 stars
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by blind-intruder
7 stars
CVSS 9.8
CVE-2022-30525 NOMISEC CRITICAL
Zyxel Firewall SUID Binary Privilege Escalation
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
by jbaines-r7
30 stars
CVSS 9.8
CVE-2022-27134 NOMISEC HIGH
B1 Eosio Batdappboomx - Incorrect Authorization
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.
by Kenun99
CVSS 7.5
CVE-2021-41773 NOMISEC CRITICAL
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by anldori
CVSS 9.8
CVE-2022-26923 NOMISEC HIGH
Active Directory Certificate Services (ADCS) privilege escalation (Certifried)
Active Directory Domain Services Elevation of Privilege Vulnerability
by r1skkam
6 stars
CVSS 8.8
CVE-2018-9995 NOMISEC CRITICAL
TBK DVR4104/DVR4216 - Auth Bypass
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
by LeQuocKhanh2K
CVSS 9.8
CVE-2022-24924 NOMISEC LOW
Samsung Livewallpaperservice < 3.0.9.0 - Improper Access Control
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows creating a specific named system directory without a proper permission.
by heegong
2 stars
CVSS 2.2
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by pauloink
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by mr-vill4in
CVSS 9.8
CVE-2022-23270 NOMISEC HIGH
Microsoft Windows 10 - Remote Code Execution
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
by corelight
1 star
CVSS 8.1
CVE-2022-25315 NOMISEC CRITICAL
Libexpat < 2.4.5 - Integer Overflow
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
by ShaikUsaf
CVSS 9.8
CVE-2022-25314 NOMISEC HIGH
Libexpat < 2.4.5 - Integer Overflow
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
by ShaikUsaf
CVSS 7.5
CVE-2013-4710 NOMISEC
Android <4.1.x - RCE
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
by Snip3R69
1 star
CVE-2012-6636 NOMISEC
Google Android API < 16.0 - Access Control
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
by Snip3R69
1 star
CVE-2022-25313 NOMISEC MEDIUM
Expat <2.4.5 - Memory Corruption
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
by ShaikUsaf
CVSS 6.5
CVE-2022-29932 NOMISEC HIGH
Primeur Spazio - Memory Leak
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
by Off3nS3c
1 star
CVSS 7.5
CVE-2022-28078 NOMISEC MEDIUM
Home Owners Collection Management System - XSS
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
by bigzooooz
2 stars
CVSS 6.1
CVE-2022-28077 NOMISEC MEDIUM
Home Owners Collection Management System - XSS
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
by bigzooooz
1 star
CVSS 6.1
CVE-2022-26133 NOMISEC CRITICAL
Atlassian Bitbucket Data Center <7.17.6 - Code Injection
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
by Pear1y
148 stars
CVSS 9.8
CVE-2022-22976 NOMISEC MEDIUM
Vmware Spring Security < 5.5.7 - Integer Overflow
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
by spring-io
1 star
CVSS 5.3
CVE-2021-44228 NOMISEC CRITICAL
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by romanutti
CVSS 10.0
CVE-2022-30292 NOMISEC CRITICAL
Squirrel - Out-of-Bounds Write
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
by sprushed
2 stars
CVSS 10.0