Nomisec Exploits

21,957 exploits tracked across all sources.

CVE-2020-9496 NOMISEC MEDIUM
Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
by cyber-niz
CVSS 6.1
CVE-2020-27955 NOMISEC CRITICAL
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
by IanSmith123
CVSS 9.8
CVE-2019-8852 NOMISEC HIGH
macOS < 10.15.2 - Out-of-bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.
by pattern-f
13 stars
CVSS 7.8
CVE-2019-1388 NOMISEC HIGH
Windows Certificate Dialog - Privilege Escalation
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
by nobodyatall648
20 stars
CVSS 7.8
CVE-2019-8942 NOMISEC HIGH
WordPress < 4.9.9 and 5.x < 5.0.1 - Authenticated Remote Code Execution via Image Metadata
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
by synod2
CVSS 8.8
CVE-2021-31856 NOMISEC CRITICAL
Layer5 Meshery 0.5.2 - SQL Injection via /experimental/patternfiles Order Parameter
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).
by ssst0n3
CVSS 9.8
CVE-2021-3156 NOMISEC HIGH
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by ajtech-hue
CVSS 7.8
CVE-2019-18634 NOMISEC HIGH
sudo 1.7.1-1.8.25 - Stack-based Buffer Overflow via pwfeedback
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
by paras1te-x
CVSS 7.8
CVE-2020-10977 NOMISEC MEDIUM
GitLab EE/CE <12.9 - Path Traversal
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
by vandycknick
2 stars
CVSS 5.5
CVE-2021-3138 NOMISEC HIGH
Discourse 2.7.0-beta1 - Two-Factor Authentication Bypass via Rate-Limit Bypass
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
by Mesh3l911
1 star
CVSS 7.5
CVE-2017-1000170 NOMISEC HIGH
jqueryFileTree <2.1.5 - Path Traversal
jqueryFileTree 2.1.5 and older Directory Traversal
by Nickguitar
4 stars
CVSS 7.5
CVE-2020-12702 NOMISEC MEDIUM
eWeLink < 4.9.1 (iOS) and < 4.9.2 (Android) - Weak Encryption in Quick Pairing Mode
Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process.
by salgio
1 star
CVSS 4.6
CVE-2021-3156 NOMISEC HIGH
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by kal1gh0st
3 stars
CVSS 7.8
CVE-2019-3396 NOMISEC CRITICAL
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
by PetrusViet
2 stars
CVSS 9.8
CVE-2015-8562 NOMISEC
Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
by lorenzodegiorgi
CVE-2021-28482 NOMISEC HIGH
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
by Shadow0ps
46 stars
CVSS 8.8
CVE-2018-19571 NOMISEC HIGH
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
by Algafix
3 stars
CVSS 7.7
CVE-2020-0688 NOMISEC HIGH
Microsoft Exchange Server - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by ann0906
CVSS 8.8
CVE-2020-14181 NOMISEC MEDIUM
Atlassian Jira Server/Data Center <7.13.6, 8.0.0-8.5.7 - User Enumeration via ViewUserHover.jspa
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
by und3sc0n0c1d0
1 star
CVSS 5.3
CVE-2019-3403 NOMISEC MEDIUM
Jira < 7.13.3, 8.0.0-8.0.3, 8.1.0 - Unauthenticated Username Enumeration via User Picker REST Endpoint
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
by und3sc0n0c1d0
1 star
CVSS 5.3
CVE-2018-17463 NOMISEC HIGH
Google Chrome < 70.0.3538.64 - Remote Code Execution via V8 Side Effect Annotation
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by kdmarti2
1 star
CVSS 8.8
CVE-2020-23342 NOMISEC HIGH
Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
by DXY0411
CVSS 8.8
CVE-2021-3493 NOMISEC HIGH
2021 Ubuntu Overlayfs LPE
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
by Abdennour-py
CVSS 8.8
CVE-2021-26855 NOMISEC CRITICAL
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by RickGeex
32 stars
CVSS 9.1
CVE-2019-6340 NOMISEC HIGH
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by nobodyatall648
CVSS 8.1