Nomisec Exploits
21,957 exploits tracked across all sources.
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by I-Rinka
Windows IIS HTTP Protocol Stack DOS
HTTP Protocol Stack Remote Code Execution Vulnerability
by zha0gongz1
Android 8.0-10 - Local Privilege Escalation via ActivityManagerService getProcessRecordLocked
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304
by Zachinio
Pega Infinity 8.2.1-8.5.2 - Authentication Bypass via Password Reset
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
by samwcyo
Exim 4.90-4.94.1 - Use-After-Free in SMTP Reset
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
by dorkerdevil
WooCommerce < 3.2.6 - Directory Traversal via Email Template URI
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code
by fu2x2000
CVSS 7.5
D-Link Router DIR-842 v3.0.2 - Auth Bypass
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
by mavlevin
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
by 0xm4ud
MySQL Server < 8.0.22 - Authenticated Denial of Service in Optimizer
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
by TheCryingGame
CVSS 4.9
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
by yuaneuro
CMS Made Simple 2.2.8 - Unauthenticated Blind SQL Injection via News Module m1_idlist Parameter
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
by d3athcod3
Apache OFBiz SOAP Java Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
by yuaneuro
Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
by yuaneuro
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
by Arnoldqqq
CVSS 9.8
xmlhttprequest < 1.7.0 and xmlhttprequest-ssl < 1.6.2 - Remote Code Execution via Synchronous Request
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
by s-index
JetBrains PyCharm < 2020.3.4 - Local Code Execution via VCS Project Import
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.
by atorralba
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
by se162xg
Microsoft Windows - Information Disclosure via Infrared Data Association (IrDA)
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
by waleedassar
Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
by freeide
CVSS 9.8
VoIPmonitor < 24.61 - Unauthenticated Remote Code Execution via SPOOLDIR Injection
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
by Al1ex
MalwareFox AntiMalware <2.74.0.150 - Privilege Escalation
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges.
by irql
Netapp Oncommand Insight < 5.15.14 - SSRF
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
by s-index
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
by s-index
CVSS 7.5
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by qianniaoge
CVSS 9.8
Windows 10 and Windows Server 2016/2019 - Denial of Service in NTFS
Windows NTFS Denial of Service Vulnerability
by shubham0d
By Source