Nomisec Exploits

22,040 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-15982 NOMISEC HIGH
Adobe Flash Player < 31.0.0.153 - Use-After-Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
by Ridter
181 stars
CVSS 7.8
CVE-2017-8570 NOMISEC HIGH
Microsoft Office - Remote Code Execution
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
by Drac0nids
2 stars
CVSS 7.8
CVE-2017-9544 NOMISEC CRITICAL
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
by adenkiewicz
CVSS 9.8
CVE-2018-19788 NOMISEC HIGH
PolicyKit <0.115 - Privilege Escalation
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
by jhlongjr
1 stars
CVSS 8.8
CVE-2016-0728 NOMISEC HIGH
Linux kernel <4.4.1 - Privilege Escalation/DoS
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
by nardholio
22 stars
CVSS 7.8
CVE-2008-0166 NOMISEC HIGH
OpenSSL <0.9.8g-9 - Info Disclosure
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
by avarx
1 stars
CVSS 7.5
CVE-2009-1330 NOMISEC
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
by adenkiewicz
CVE-2018-4407 NOMISEC HIGH
iPhone OS < 12.0 - Memory Corruption via ICMP Error Handling
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
by zeng9t
2 stars
CVSS 8.8
CVE-2018-8581 NOMISEC HIGH
Microsoft Exchange Server - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
by WyAtu
332 stars
CVSS 7.4
CVE-2018-4431 NOMISEC MEDIUM
iPhone OS < 12.1.1 - Unprotected User Data Exposure via Memory Initialization Issue
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
by ktiOSz
4 stars
CVSS 5.5
CVE-2018-8581 NOMISEC HIGH
Microsoft Exchange Server - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
by qiantu88
5 stars
CVSS 7.4
CVE-2018-14442 NOMISEC CRITICAL
Foxit Reader <9.2 - PhantomPDF <9.2 - Use After Free
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.
by payatu
58 stars
CVSS 9.8
CVE-2017-5123 NOMISEC HIGH
Linux Kernel 4.13 through 4.13.7 - Sandbox Escape via waitid
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.
by teawater
CVSS 8.8
CVE-2018-1002105 NOMISEC CRITICAL
Kubernetes < 1.10.11, < 1.11.5, < 1.12.3 - Server-Side Request Forgery via Proxy Error Handling
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
by evict
222 stars
CVSS 9.8
CVE-2018-15982 NOMISEC HIGH
Adobe Flash Player < 31.0.0.153 - Use-After-Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
by SyFi
5 stars
CVSS 7.8
CVE-2018-4878 NOMISEC HIGH
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
by Yable
CVSS 7.8
CVE-2003-0264 NOMISEC
SLMail 5.1.0.4420 - Buffer Overflow
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.
by war4uthor
CVE-2012-5106 NOMISEC
FreeFloat FTP Server 1.0 - Buffer Overflow
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
by war4uthor
CVE-2007-1567 NOMISEC
War FTP Daemon < 1.65 - Stack-Based Buffer Overflow
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain.
by war4uthor
CVE-2016-3957 NOMISEC CRITICAL
web2py < 2.14.2 - Remote Code Execution via Pickle Deserialization in Session Cookie
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.
by sj
CVSS 9.8
CVE-2018-10933 NOMISEC CRITICAL
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by nikhil1232
6 stars
CVSS 9.1
CVE-2018-0296 NOMISEC HIGH
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
by qiantu88
CVSS 7.5
CVE-2018-8120 NOMISEC HIGH
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
by qiantu88
CVSS 7.0
CVE-2017-12617 NOMISEC HIGH
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by qiantu88
CVSS 8.1
CVE-2004-2271 NOMISEC
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
by war4uthor
By Source
All 22,040 Writeup 60,959 Exploitdb 50,031 Nomisec 22,040 Metasploit 3,243 Github 3,066 Vulncheck_xdb 909 Inthewild 514 Gitlab 463 Gitee 415 Patchapalooza 312
By Language
text 31,353 python 6,278 ruby 5,933 c 3,604 perl 2,849 html 2,058 php 1,327 bash 460 java 364 c++ 253 javascript 222 shell 108 go 65 postscript 25 xml 24