Nomisec Exploits

22,019 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by sdosis
CVSS 7.8
CVE-2019-18890 NOMISEC MEDIUM
Redmine < 3.3.10 - Authenticated SQL Injection via Object Query
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
by RealLinkers
10 stars
CVSS 6.5
CVE-2014-6271 NOMISEC CRITICAL
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Any3ite
1 stars
CVSS 9.8
CVE-2018-5955 NOMISEC CRITICAL
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
by YagamiiLight
647 stars
CVSS 9.8
CVE-2019-10758 NOMISEC CRITICAL
mongo-express < 0.54.0 - Remote Code Execution via toBSON Method
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
by lp008
5 stars
CVSS 9.9
CVE-2011-3872 NOMISEC
Puppet 2.6.x < 2.6.12 and 2.7.x < 2.7.6 - Certificate Spoofing via X.509 Subject Alternative Name Field
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
by puppetlabs-toy-chest
5 stars
CVE-2019-17427 NOMISEC MEDIUM
Redmine < 3.4.11 and 4.0.x < 4.0.4 - Stored Cross-Site Scripting via Textile Formatting
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
by RealLinkers
1 stars
CVSS 6.1
CVE-2018-6574 NOMISEC HIGH
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
by kev-ho
CVSS 7.8
CVE-2017-8759 NOMISEC HIGH
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 - Remote Code Execution
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
by zhengkook
CVSS 7.8
CVE-2019-8601 NOMISEC HIGH
Apple iCloud < 7.12 - Memory Corruption via Malicious Web Content
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
by BadAccess11
17 stars
CVSS 8.8
CVE-2019-16278 NOMISEC CRITICAL
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by NHPT
CVSS 9.8
CVE-2019-16278 NOMISEC CRITICAL
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Kr0ff
1 stars
CVSS 9.8
CVE-2017-7494 NOMISEC CRITICAL
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by john-80
CVSS 9.8
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by ch4ko
CVSS 9.8
CVE-2019-9810 NOMISEC HIGH
Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by 0vercl0k
229 stars
CVSS 8.8
CVE-2019-10758 NOMISEC CRITICAL
mongo-express < 0.54.0 - Remote Code Execution via toBSON Method
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
by masahiro331
111 stars
CVSS 9.9
CVE-2013-3651 NOMISEC
LOCKON EC-CUBE 2.11.2-2.12.4 - Remote PHP Code Injection via Crafted String
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
by motikan2010
2 stars
CVE-2019-17571 NOMISEC CRITICAL
Apache Log4j <= 1.2.17 - Deserialization of Untrusted Data via SocketServer
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
by shadow-horse
78 stars
CVSS 9.8
CVE-2019-15107 NOMISEC CRITICAL
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
by hannob
8 stars
CVSS 9.8
CVE-2019-17495 NOMISEC CRITICAL
Swagger UI < 3.23.11 - CSS Injection via Relative Path Overwrite
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
by SecT0uch
CVSS 9.8
CVE-2019-19844 NOMISEC CRITICAL
Django < 1.11.27, 2.x < 2.2.9, 3.x < 3.0.1 - Account Takeover via Unicode Case Transformation Bypass
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
by ryu22e
100 stars
CVSS 9.8
CVE-2019-19204 NOMISEC HIGH
Oniguruma <6.9.4_rc2 - Buffer Overflow
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
by tarantula-team
CVSS 7.5
CVE-2019-19203 NOMISEC HIGH
Oniguruma 6.x <6.9.4_rc2 - Memory Corruption
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
by tarantula-team
CVSS 7.5
CVE-2017-11176 NOMISEC HIGH
Linux Kernel <= 4.11.9 - Use-After-Free in mq_notify Netlink Socket Handling
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
by leonardo1101
CVSS 7.8
CVE-2019-16889 NOMISEC HIGH
Ubiquiti EdgeMAX Firmware < 2.0.3 - Denial of Service via Beaker Session ID Cookie
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
by grampae
CVSS 7.5
By Source
All 22,019 Writeup 60,754 Exploitdb 50,023 Nomisec 22,019 Metasploit 3,235 Github 3,041 Vulncheck_xdb 909 Inthewild 514 Gitlab 461 Gitee 415 Patchapalooza 312
By Language
text 31,351 python 6,258 ruby 5,925 c 3,601 perl 2,849 html 2,057 php 1,327 bash 460 java 364 c++ 253 javascript 221 shell 106 go 65 postscript 25 xml 24