Nomisec Exploits
21,972 exploits tracked across all sources.
Microsoft SharePoint - Remote Code Execution via Application Package Source Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
by boxhg
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
by Henry4E36
CVE-2014-0226
NOMISEC
Apache HTTP Server 2.2.0-2.2.28 - Denial of Service via mod_status Scoreboard Handling
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
by shreesh1
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
by GuayoyoCyber
Apache OFBiz SOAP Java Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
by yumusb
Windows 10 and Windows Server 2016/2019 - Denial of Service in Console Driver
Windows Console Driver Denial of Service Vulnerability
by waleedassar
RaspAP 2.5 - Authenticated OS Command Injection via Web Console
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code).
by gerbsec
Huawei HG532 Firmware - Authenticated Remote Code Execution via Port 37215
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
by wilfred-wulbou
Docker Engine < 19.03.11 - IPv6 Router Advertisement Spoofing via CAP_NET_RAW
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
by arax-zaeimi
Mahara 20.10 - Cross-Site Request Forgery via Inbox Mail Deletion
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
by 0xBaz
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
by Al1ex
nginx 0.5.6-1.13.2 - Integer Overflow in Range Filter Module
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
by mo3zj
Windows Cloud Files Mini Filter Driver - Privilege Escalation
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
by xyddnljydd
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Flangvik
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by Pa55w0rd
Windows - Information Disclosure in modem.sys
Windows (modem.sys) Information Disclosure Vulnerability
by waleedassar
Windows 10 1803-20H2 and Windows Server 1909-20H2 - Elevation of Privilege via Win32k ConsoleControl Offset Confusion
Windows Win32k Elevation of Privilege Vulnerability
by linuxdy
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
by NeoDarwin
CVSS 9.8
D-Link DCS-2530L <1.06.01 - Info Disclosure
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
by MzzdToT
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by BearCat4
Windows TPM Device Driver - Information Disclosure
TPM Device Driver Information Disclosure Vulnerability
by waleedassar
GetSimple CMS 3.3.16 - Reflected Cross-Site Scripting in Login Portal
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
by boku7
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
by dotslashed
CVSS 9.8
Sherlock SherlockIM < 2021-03-29 - Cross-Site Scripting via Chatbot Attachment URI
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
by Security-AVS
ASUS UX360CA BIOS <303 - Memory Corruption
The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).
by tandasat
By Source