274570 matches found

Packet Storm
added 2025/12/23 12:00 a.m. | 153 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...

AI score 6.1
Exploits: 0

Packet Storm
added 2025/12/23 12:00 a.m. | 227 views

📄 PKP-WAL 3.5.0-1 SQL Injection

PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...

AI score 8.2
Exploits: 0

Packet Storm
added 2025/12/23 12:00 a.m. | 1199 views

📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass

Apache mod_ssl TLS 1.3 client certificate authentication bypass proof of concept exploit. Title: Apache mod_ssl TLS 1.3 Client Certificate Authentication...

CVSS 9.1 | AI score 8.2 | EPSS 0.0097
Exploits: 1

GithubExploit
added 2025/12/22 6:41 p.m. | 257 views

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

🚨 CVE-2025-68613: Critical RCE Vulnerability in n8n...

CVSS 9.9 | AI score 9.3 | EPSS 0.97875
Exploits: 29

GithubExploit
added 2025/12/22 6:45 a.m. | 153 views

Exploit for CVE-2025-68613

CVE-2025-68613 n8n is an open source workflow automation pla...

CVSS 9.9 | AI score 7.8 | EPSS 0.97875
Exploits: 29

Packet Storm
added 2025/12/22 12:00 a.m. | 141 views

📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage

Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln, John Page aka hyp3rlinx (c) 2025. Original source:...

AI score 7
Exploits: 0

Packet Storm
added 2025/12/22 12:00 a.m. | 157 views

📄 Assistive Technologies Persistence

This Metasploit module achieves persistence by registering a custom Assistive Technology (AT) in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch such as with an admin privileged program. Requires Windows 8 or higher and...

AI score 6.9
Exploits: 0

Packet Storm
added 2025/12/22 12:00 a.m. | 163 views

📄 Adobe DNG SDK 1.5 Integer Overflow / Local Crash

This proof of concept exploit demonstrates a local crash condition caused by an integer overflow vulnerability in the Adobe DNG SDK versions 1.5 through 1.7.0. The provided Bash script dynamically generates a malformed DNG image file containing a crafted opcode list that abuses the ScalePerColumn...

CVSS 7.8 | AI score 6.6 | EPSS 0.00172
Exploits: 4

Packet Storm
added 2025/12/22 12:00 a.m. | 202 views

📄 HPE OneView Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise (HPE) OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...

CVSS 10 | AI score 8.4 | EPSS 0.89733
Exploits: 8

Packet Storm
added 2025/12/22 12:00 a.m. | 149 views

📄 Adobe DNG SDK 1.5 Web Upload Integer Overflow

Adobe DNG SDK versions 1.5 through 1.7.0 can have an integer overflow triggered via a web upload. If the backend processes the uploaded file with a vulnerable version of the DNG SDK, the malformed opcode data may result in an application crash or unexpected behavior...

CVSS 7.8 | AI score 7 | EPSS 0.00172
Exploits: 4

Packet Storm
added 2025/12/22 12:00 a.m. | 184 views

📄 Adobe DNG SDK Image Processing Logic

Proof of concept exploit that demonstrates a heap out-of-bounds read / write leading to memory corruption and potential code execution in the Image Processing Logic of Adobe DNG SDK versions prior to 1.7.1.2410...

CVSS 7.1 | AI score 7.4 | EPSS 0.00165
Exploits: 2

Packet Storm
added 2025/12/22 12:00 a.m. | 192 views

📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access

Proof of concept exploit for a flaw in Headlamp Kubernetes dashboard versions 0.38.0 and below that allows unauthenticated users to access sensitive Helm release data, including secrets, tokens, and passwords, due to improper server-side caching...

AI score 6.9
Exploits: 2

Packet Storm
added 2025/12/22 12:00 a.m. | 164 views

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure

This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...

CVSS 7.1 | AI score 6.4 | EPSS 0.00147
Exploits: 5

Packet Storm
added 2025/12/22 12:00 a.m. | 157 views

📄 Adobe DNG SDK Linearize Out-Of-Bounds Read

A memory safety vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 that affects the Linearize image processing routine. When handling trimmed source images, the function erroneously performs operations using full image dimensions, resulting in an out‑of‑bounds read condition. This...

CVSS 7.1 | AI score 7.4 | EPSS 0.00165
Exploits: 2

Packet Storm
added 2025/12/22 12:00 a.m. | 181 views

📄 IGEL OS Workspace Edition 11.10.430 Privilege Escalation

IGEL OS Workspace Edition version 11.10.430 suffers from a privilege escalation vulnerability. This vulnerability demonstrates how architectural trust in custom configuration frameworks can be abused to establish long-term persistence, even on systems designed to be non-persistent and hardened by...

AI score 7.2
Exploits: 0

Packet Storm
added 2025/12/22 12:00 a.m. | 177 views

📄 FortiWeb Fabric Connector 7.6.x SQL Injection / Remote Code Execution

This proof of concept exploit demonstrates a pre-authentication remote SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows unauthenticated attackers to achieve remote code execution through malicious SQL queries in the Authorization header...

CVSS 9.8 | AI score 10 | EPSS 0.9671
Exploits: 18

Packet Storm
added 2025/12/22 12:00 a.m. | 144 views

📄 Adobe DNG SDK 1.5 Remote Delivery Integer Overflow

This exploit demonstrates practical real-world exploitation scenarios of the Adobe DNG SDK integer overflow vulnerability CVE-2025-64783 through third-party applications and network-based delivery mechanisms. Version 1.5 is affected...

CVSS 7.8 | AI score 6.9 | EPSS 0.00172
Exploits: 4

Packet Storm
added 2025/12/22 12:00 a.m. | 157 views

📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking

HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own code to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...

AI score 7.1
Exploits: 0

Packet Storm
added 2025/12/22 12:00 a.m. | 159 views

📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read

An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes (fSrcPlanes = 2). The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...

CVSS 7.1 | AI score 6.5 | EPSS 0.00147
Exploits: 5

Packet Storm
added 2025/12/22 12:00 a.m. | 167 views

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read

This report details the creation of a specification-compliant, engineering-grade proof of concept file that reliably triggers the out-of-bounds read vulnerability documented as CVE-2025-64893 in Adobe DNG SDK versions 1.7.1 and below...

CVSS 7.1 | AI score 6.5 | EPSS 0.00147
Exploits: 5