Lucene search
K
PacketstormMost viewed

50738 matches found

Packet Storm
Packet Storm
added 2022/04/19 12:0 a.m.794 views

7-Zip 21.07 Code Execution / Privilege Escalation

Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kagan Capar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...

0.6AI score0.01523EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/06/16 12:0 a.m.794 views

10-Strike Bandwidth Monitor 3.9 Unquoted Service Path

Exploit Title: Bandwidth Monitor 3.9 - Unquoted Services Paths Exploit Author: Bobby Cooke Date: 2020-07-15 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version: version 3.9...

Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.793 views

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure Vendor: RED-V S.R.L. Product web page: https://www.red-v.tv https://red-v.tv/digital-signage.html Affected version: Model name: RXV-A740R Android version: 5.1.1 Firmware version: 026 Player version: 7.8.6 Downloader version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/12 12:0 a.m.791 views

Blackboard LMS 9.1 SP14 Cross Site Scripting

Document Title: =============== BlackBoard LMS 9.1 SP14 - Title Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1901 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/24 12:0 a.m.785 views

OpenCart 3.0.3.6 Cross Site Scripting

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Windows 10/Kali Linux Stor...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/21 12:0 a.m.784 views

Watch Queue Out-Of-Bounds Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watch Queue Out of Bounds Write', 'Description' = %q This module exploits a vulnerability in the Linux Kernel's watchqueue event notification...

7.8CVSS7.4AI score0.06197EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/12/04 12:0 a.m.784 views

Laravel Nova 3.7.0 Denial Of Service

Exploit Title: Laravel Nova 3.7.0 - 'range' DoS Date: June 22, 2020 Exploit Author: iqzer0 Vendor Homepage: https://nova.laravel.com/ Software Link: https://nova.laravel.com/releases Version: Version v3.7.0 Tested on: Manjaro / Chrome v83 An authenticated user can crash the application by setting...

Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.782 views

shopping.cart.cc.data.txt

Date: Mon, 19 Apr 1999 20:05:18 -0700 From: Joe To: [email protected] Subject: Shopping Carts exposing CC data Tomorrow April 20 1999 CNet's news.com should be running a story regarding various commercial and freeware shopping carts that, when installed incorrectly or when installed by amateur...

Exploits0
Packet Storm
Packet Storm
added 2020/11/20 12:0 a.m.781 views

Barco wePresent Insecure Firmware Image

KL-001-2020-009 : Barco wePresent Insecure Firmware Image Title: Barco wePresent Insecure Firmware Image Advisory ID: KL-001-2020-009 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-009.txt 1. Vulnerability Details Affected Vendor: Barco Affect...

8.7AI score0.01673EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/11/20 12:0 a.m.781 views

Wonder CMS 3.1.3 Cross Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux Stored Cross-site scriptingXSS: Stored XSS, also known as persistent XS...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/12 12:0 a.m.780 views

WordPress Good LMS 2.1.4 SQL Injection

Exploit Title: Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection Software Link: https://codecanyon.net/item/good-lms-learning-management-system-wp-plugin/9033850 Version: prefix . 'gdlrpayment '; 688- $sql .= 'WHERE id=' . $POST'id' . ' AND '; 689- $sql .=...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/04/21 12:0 a.m.780 views

OpenSSH s/key Weakness

/ / / / / / / / / / / / / // / / / / / / / / / // / / / // // / / / / / // ///// // // // Helith - 0815 -------------------------------------------------------------------------------- Author : Rembrandt Date : 2007-04-21 Affected Software: openssh propably other implementations as well Affected ...

5CVSS9.5AI score0.02472EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/12/26 12:0 a.m.776 views

FreeSWITCH 1.10.10 Denial Of Service

FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 1.10.11 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-02-freeswitch-dtls-hello-race - Vendor Security Advisory:...

7.4AI score0.01485EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/03/10 12:0 a.m.776 views

Dirty Pipe Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dirty Pipe Local Privilege Escalation via CVE-2022-0847', 'Description' = %q This exploit targets a vulnerability in the Linux kernel since 5.8,...

0.3AI score0.88106EPSS
Exploits100
Packet Storm
Packet Storm
added 2020/12/04 12:0 a.m.776 views

Composr CMS 10.0.34 Cross Site Scripting

Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Date: 3-12-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.34 Tested on: Windows 10/ Kali Linux Steps To Reproduce :- 1. Install the CM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/05 12:0 a.m.776 views

Visual Planning REST API 2.0 Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49231 Link ==== https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-003/...

6.8AI score0.42898EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.774 views

Adult Video Script 3.0 File Inclusion

==================================================================================================================================== | Title : Adult Video Script 3.0 RFI /LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.774 views

Froxlor 0.10.16 Cross Site Scripting

Document Title: =============== Froxlor v0.10.16 CP - Customer Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2241 Release Date: ============= 2020-11-12 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/21 12:0 a.m.773 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...

9.1CVSS7.4AI score0.99999EPSS
Exploits26
Packet Storm
Packet Storm
added 2024/01/31 12:0 a.m.771 views

glibc qsort() Out-Of-Bounds Read / Write

Qualys Security Advisory For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort ======================================================================== Contents ========================================================================...

8.4CVSS7.4AI score0.04794EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.770 views

WildFly Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WildFly Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web...

5CVSS7.4AI score0.25082EPSS
Exploits6
Packet Storm
Packet Storm
added 2020/09/10 12:0 a.m.770 views

IlchCMS 2.1.37 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting in IlchCMS Affected Software: IlchCMS Affected Versions: 2.1.37 Vendor Homepage: https://www.ilch.de/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/16 12:0 a.m.770 views

Documalis Free PDF Editor Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Documalis Free PDF Editor', 'Description' = %qDocumalis Free PDF Editor is prone to a security vulnerability when open PDF files.When the...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/22 12:0 a.m.766 views

SUPREMO 4.1.3.2348 Privilege Escalation

Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...

0.6AI score0.0145EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/11/19 12:0 a.m.766 views

Nagios Log Server 2.1.7 Cross Site Scripting

Exploit Title: Nagios Log Server 2.1.7 - 'snapshotname' Persistent Cross-Site Scripting Date: 31.08.2020 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.nagios.com/ Software Link: https://www.nagios.com/products/nagios-log-server/ Version: 2.1.7 Tested on: Linux/ISO Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/09/15 12:0 a.m.765 views

ThinkAdmin 6 Arbitrary File Read

Exploit Title: ThinkAdmin 6 - Arbitrarily File Read Google Dork: N/A Date: 2020-09-14 Exploit Author: Hzllaga Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/ Software Link: Before https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784effbf72a2a386c5d25c43a9a Version: v6 =...

0.8AI score0.75881EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/05/07 12:0 a.m.763 views

LANCOM WLAN Controller Cross Site Scripting

Document Title: =============== LANCOM WLAN Controller - Multiple Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2196 Vulnerability Magazine:...

Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.762 views

Car Rental Management System 1.0 SQL Injection

Exploit Title: Car Rental Management System 1.0 - 'id' SQL Injection Authenticated Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.761 views

MOVEit SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOVEit SQL Injection vulnerability', 'Description' = %q This module exploits an SQL injection vulnerability in the MOVEit Transfer web applicatio...

9.8CVSS7.1AI score0.99934EPSS
Exploits15
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.761 views

Kaa IoT Platform 1.2.0 Cross Site Scripting

Exploit Title: Kaa IoT Platform 1.2.0 Cross Site Scripting XSS Vulnerability Date: 2020-10-01 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.kaaproject.org/ Software Link: https://cloud.kaaiot.com/ Version: 1.2.0 Tested on: Kali Linux 2020.3 CVE: CVE-2020-26701 Proof Of Concept:...

5.6AI score0.00903EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.761 views

WordPress Rest Google Maps SQL Injection

Exploit Title: WordPress Rest Google Maps Plugin SQL Injection Google Dork: inurl:index.php?restroute=3D/wpgmza/ Date: 2020-09-09 Exploit Author: Jonatas Fil Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/developers Software Link: https://wordpress.org/plugins/wp-google-maps/...

7.5CVSS0.2AI score0.78699EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.761 views

Ignition Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated remote code execution in Ignition', 'Description' = %q Ignition before 2.5.2, as used in Laravel and other products, allows...

9.8CVSS0.99943EPSS
Exploits36
Packet Storm
Packet Storm
added 2021/03/26 12:0 a.m.760 views

Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34D.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kwak.12 Vulnerability: Port Bounce Scan Description: The backdoor runs an FTP server...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.760 views

MailDepot 2033 2.3.3022 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2020-037 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2033 2.3.3022 Tested Versions: 2033 2.3.3022 Vulnerability Type: Persistent Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer...

6.4AI score0.01032EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.757 views

Linux / Unix su Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Login to Another User with Su on Linux / Unix Systems', 'Description' = %q This module attempts to create a new login session by invoking the su...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/20 12:0 a.m.756 views

Barco wePresent Authentication Bypass

KL-001-2020-006 : Barco wePresent Authentication Bypass Title: Barco wePresent Authentication Bypass Advisory ID: KL-001-2020-006 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-006.txt 1. Vulnerability Details Affected Vendor: Barco Affected...

0.2AI score0.032EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/08/05 12:0 a.m.756 views

Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution

-- 1.0 Todor Donev mailto:[email protected] a...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/13 12:0 a.m.755 views

WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution

The newest WordPress patch includes fixes for 8 Medium-Severity security issues, several of which are trivial to exploit. WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/19 12:0 a.m.753 views

TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution

Title: TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.4.0 throu...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/18 12:0 a.m.753 views

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...

0.2AI score0.33874EPSS
Exploits8
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.751 views

Super Store Finder 3.3 Cross Site Scripting

Exploit type : XSS INJECTION Exploit title : Super Store Finder Add location XSS Injection Descriptions : XSS injection from adding store and reflected XSS in SQL error login page PHP Script affected : Super Store Finder | Mega Locator Plugin URI : http://www.superstorefinder.net/ Version : 3.3 a...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.750 views

Comtrend AR-5387un Cross Site Scripting

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

5.6AI score0.00954EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.748 views

JBoss Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Vulnerability Scanner', 'Description' = %q This module scans a JBoss instance for a few vulnerabilities. , 'Author' = 'Tyler Krpata', 'Zach...

9.8CVSS7.2AI score0.90713EPSS
Exploits47
Packet Storm
Packet Storm
added 2023/06/02 12:0 a.m.747 views

KesionCMS ASP 9.5 Add Administrator

==================================================================================================================================== | Title : KesionCMS ASP v9.5 Reinstall Add Admin Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/02 12:0 a.m.747 views

aSc TimeTables 2021.6.2 Denial Of Service

Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aS...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/03 12:0 a.m.747 views

Joomla JomSocial 4.7.6 Cross Site Scripting

Exploit Title: Joomla JomSocial 4.7.6 Stored XSS Date: 03.11.2020 Author: Vincent666 ibn Winnie Software Link: https://www.jomsocial.com/demo Tested on: Windows 10 Web Browser: Mozilla Firefox,Google Chrome and Edge :Google Dorks: inurl:templates/jomsocial/ Blog :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/24 12:0 a.m.746 views

Seowon 130-SLC 1.0.11 Remote Code Execution

Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE Authenticated Date: 5 Aug 2020 Exploit Author: maj0rmil4d Vendor Homepage: http://www.seowonintech.co.kr/en/ Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: 1.0.11 Possibly al...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/04 12:0 a.m.746 views

IBM Websphere Application Server Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...

7.5CVSS0.3AI score0.06283EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/12/23 12:0 a.m.745 views

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload

Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...

9.8CVSS0.3AI score0.13514EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/02/10 12:0 a.m.743 views

QuickDate 1.3.2 SQL Injection

Exploit Title: QuickDate 1.3.2 - SQL Injection Dork: N/A Date: 2020-02-07 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:55.0...

7.4AI score
Exploits0
Total number of security vulnerabilities5000