Nomisec Exploits

21,980 exploits tracked across all sources.

CVE-2020-35713 NOMISEC CRITICAL
Linksys RE6500 Firmware < 1.0.012.001 - Unauthenticated Remote Code Execution via goform/setSysAdm
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
by Al1ex
1 star
CVSS 9.8
CVE-2020-17456 NOMISEC CRITICAL
SEOWON INTECH SLC-130, SLR-120S - RCE
SEOWON INTECH SLC-130 and SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
by Al1ex
4 stars
CVSS 9.8
CVE-2019-18935 NOMISEC CRITICAL
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
by becrevex
CVSS 9.8
CVE-2020-8165 NOMISEC CRITICAL
Rails <5.2.4.3-6.0.3.1 - Deserialization
A deserialization of untrusted data vulnerability exists in Rails < 5.2.4.3 and Rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
by progfay
CVSS 9.8
CVE-2019-5420 NOMISEC CRITICAL
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
by Eremiel
CVSS 9.8
CVE-2021-1647 NOMISEC HIGH
Microsoft Defender - Remote Code Execution
Microsoft Defender Remote Code Execution Vulnerability
by findcool
1 star
CVSS 7.8
CVE-2019-17137 NOMISEC CRITICAL
NETGEAR AC1200 R6220 Firmware <1.1.0.86 - Auth Bypass
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.
by vncloudsco
CVSS 9.4
CVE-2021-3164 NOMISEC HIGH
ChurchRota 2.6.4 - Authenticated Remote Code Execution via File Upload
ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php.
by rmccarth
2 stars
CVSS 8.8
CVE-2017-7529 NOMISEC HIGH
nginx 0.5.6-1.13.2 - Integer Overflow in Range Filter Module
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request.
by gemboxteam
9 stars
CVSS 7.5
CVE-2019-0708 NOMISEC CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by go-bi
CVSS 9.8
CVE-2018-1335 NOMISEC HIGH
Apache Tika <1.18 - Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
by canumay
1 star
CVSS 8.1
CVE-2020-17519 NOMISEC HIGH
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
by yaunsky
1 star
CVSS 7.5
CVE-2020-14179 NOMISEC MEDIUM
Atlassian Jira Server/Data Center <8.5.8, 8.6.0-8.11.1 - Unauthenticated Info Disclosure
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
by c0brabaghdad1
8 stars
CVSS 5.3
CVE-2020-7200 NOMISEC CRITICAL
HPE Systems Insight Manager 7.6 - Remote Code Execution
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
by alexfrancow
6 stars
CVSS 9.8
CVE-2019-8791 NOMISEC MEDIUM
Shazam < 9.25.0 (Android) and < 12.11.0 (iOS) - Open Redirect via URL Scheme Parsing
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
by ashleykinguk
1 star
CVSS 6.1
CVE-2014-3153 NOMISEC HIGH
Linux Kernel <=3.14.5 - Privilege Escalation
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
by elongl
13 stars
CVSS 7.8
CVE-2018-16763 NOMISEC CRITICAL
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by uwueviee
CVSS 9.8
CVE-2020-6207 NOMISEC CRITICAL
SAP Solution Manager 7.2 - Auth Bypass
SAP Solution Manager (User Experience Monitoring), version 7.2, does not perform any authentication for a service due to a missing authentication check, resulting in complete compromise of all SMDAgents connected to the Solution Manager.
by chipik
81 stars
CVSS 9.8
CVE-2020-7961 NOMISEC CRITICAL
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
by ShutdownRepo
18 stars
CVSS 9.8
CVE-2020-13937 NOMISEC MEDIUM
Apache Kylin <4.0.0 - Info Disclosure
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, and 4.0.0-alpha have one RESTful API that exposes Kylin's configuration information without any authentication, so some confidential configuration entries are disclosed to everyone.
by yaunsky
9 stars
CVSS 5.3
CVE-2020-8165 NOMISEC CRITICAL
Rails <5.2.4.3-6.0.3.1 - Deserialization
A deserialization of untrusted data vulnerability exists in Rails < 5.2.4.3 and Rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.
by AssassinUKG
CVSS 9.8
CVE-2015-8239 NOMISEC HIGH
sudo - Race Condition in SHA-2 Digest Handling
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
by justinsteven
CVSS 7.0
CVE-2019-0887 NOMISEC HIGH
Remote Desktop Client < 1.2.2691 - Authenticated Remote Code Execution via Clipboard Redirection
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by t43Wiu6
18 stars
CVSS 8.0
CVE-2020-17519 NOMISEC HIGH
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
by radbsie
CVSS 7.5
CVE-2021-3019 NOMISEC HIGH
lanproxy 0.1 - Path Traversal and Credential Exposure via config.properties
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
by Maksim-venus
3 stars
CVSS 7.5