Lucene search
K
PacketstormMost viewed

50784 matches found

Packet Storm
Packet Storm
added 2025/12/04 12:0 a.m.290 views

📄 phpMyFAQ 2.9.8 Cross Site Request Forgery

phpMyFAQ version 2.9.8 suffers from multiple cross site request forgery vulnerabilities. These are proof of concepts from issues stemming back in 2017. Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...

8.8CVSS7.1AI score0.01173EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/02/20 12:0 a.m.290 views

LTL Freight Quotes – TForce Edition 3.6.4 SQL Injection

LTL Freight Quotes – TForce Edition versions 3.6.4 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13478 LTL Freight Quotes – TForce Edition = 3.6.4 - Unauthenticated SQL Injection Description The LTL Freight Quotes – TForce Edition plugin for WordPress is...

7.5CVSS8.2AI score0.01125EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/02/07 12:0 a.m.290 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

8.8CVSS7.6AI score0.00888EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/10/02 12:0 a.m.290 views

Printing Business Records Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Printing Business Records Management System v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/27 12:0 a.m.290 views

Backdoor.Win32.Prorat.jz MVID-2024-0699 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Prorat.jz Vulnerability: Remote Stack Buffer Overflow SEH Description: The RAT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/26 12:0 a.m.290 views

Responsive Binary mlm 3.2.0 SQL Injection

==================================================================================================================================== | Title : Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/25 12:0 a.m.290 views

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

9.8CVSS7.4AI score0.0136EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/09/18 12:0 a.m.290 views

Online Bus Ticket Booking Website 1.0 SQL Injection

============================================================================================================================================= | Title : online bus ticket booking Website v1.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.290 views

Webpay E-Commerce 1.0 Cross Site Scripting

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/10 12:0 a.m.290 views

Online Marriage Registration System 1.0 Shell Upload

============================================================================================================================================= | Title : Online Marriage Registration System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.290 views

Jenkins cli Ampersand Replacement Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins cli Ampersand Replacement Arbitrary File Read', 'Description' = %q This module utilizes the Jenkins cli protocol to run the help command...

9.8CVSS7.2AI score0.99999EPSS
Exploits46
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.290 views

SysAid Help Desk Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...

8.5CVSS7AI score0.86643EPSS
Exploits10
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.290 views

SuiteCRM Authenticated SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM authenticated SQL injection in export functionality', 'Description' = %q This module exploits an authenticated SQL injection in SuiteCRM...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/18 12:0 a.m.290 views

Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Plugx Vulnerability: Insecure Permissions Family: Plugx Type: PE32 MD5:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/17 12:0 a.m.290 views

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw

Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 Date: 6/2024 Exploit Author: Andrey Stoykov Version: 1.9.0.6 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html Description - It was found that the applicatio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/28 12:0 a.m.290 views

Event Management 1.0 SQL Injection

Exploit Title: Event Management - SQL Injection Application: Event Management Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://github.com/PuneethReddyHC Software Link: https://github.com/PuneethReddyHC/event-management Version:1.0 Attack Type: Remote Tested on...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/22 12:0 a.m.290 views

Golden FTP Server 2.02b Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Golden FTP Server 2.02b - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 21 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1AK6x0xKwjVZxoNHbCOIJsIiRAWeMmP0/view?usp=sharing Notification...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/09 12:0 a.m.290 views

AdvantechWeb/SCADA 9.1.5U SQL Injection

;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST /waconfig/api/odbc/getSystemLog HTTP/2 Host: 192.168.56.106 Cookie: serverLanguage=en;...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/10/02 12:0 a.m.290 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/02 12:0 a.m.290 views

Joomla JLex GuestBook 1.6.4 Cross Site Scripting

Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/ Demo: https://jlexguestbook.jlexart.com/ Teste...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.290 views

CMS TSS-EST 1.0.0 SQL Injection

==================================================================================================================================== | Title : CMS TSS-EST V1.0.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/08 12:0 a.m.290 views

Anuranan SBAdmin 2 Insecure Settings

==================================================================================================================================== | Title : Anuranan SBAdmin 2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 113.0.1 64...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/07 12:0 a.m.290 views

USB Flash Drives Control 4.1.0.0 Unquoted Service Path

Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Date: 2023-31-05 Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path P...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/05 12:0 a.m.290 views

Online Pizza Ordering System 1.0 Shell Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Date: 03/05/2023 Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...

9.8CVSS7.1AI score0.03624EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/05/03 12:0 a.m.290 views

phpMyFAQ 3.1.12 CSV Injection

Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/06 12:0 a.m.290 views

POLR URL 2.3.0 Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.3AI score0.07164EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/01/10 12:0 a.m.290 views

Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection

----------------------------------------------------------------------------- Tiki Wiki CMS Groupware const popChain = 'O:25:"SearchElasticConnection":1:S:31:"\0...

0.1AI score0.01168EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/11/25 12:0 a.m.290 views

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan.Win32.DarkNeuron.gen Vulnerability: Named...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/09/19 12:0 a.m.290 views

Genesys PureConnect Cross Site Scripting

Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant - name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...

0.00723EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/09/07 12:0 a.m.290 views

Backdoor.Win32.Hupigon.aspg MVID-2022-0634 Unquoted Service Path

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aspg Vulnerability: Insecure Service Path Description: The malware...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/01 12:0 a.m.290 views

Classified Listing 2.2.9 Cross Site Scripting

Exploit Title: Classified Listing – Classified ads & Business Directory Plugin - Cross site scripting Date: 29.06.2022 Exploit Author: ASCII Vendor Homepage: https://www.radiustheme.com/ Version: 2.2.9 Tested on: 2.2.9 Classified Listing – Classified ads & Business Directory Plugin - Cross site...

Exploits0
Packet Storm
Packet Storm
added 2022/05/30 12:0 a.m.290 views

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root

!/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com | https://www.clipsal.com Product details: -...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.291 views

OpenBMCS 2.4 SQL Injection

OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/01 12:0 a.m.290 views

Phpwcms 1.9.30 Cross Site Scripting

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/24 12:0 a.m.290 views

OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE ID: CVE-2021-31606 Subject: Authorization Bypass Severity: Medium Effect: Denial of Service Author: Emanuel Duss...

0.9AI score0.02448EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/09/10 12:0 a.m.290 views

Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.awm Vulnerability: Authentication Bypass - Information Leakage Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/20 12:0 a.m.290 views

Laundry Booking Management System 1.0 Cross Site Scripting

Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/20 12:0 a.m.290 views

WordPress KN Fix Your Title 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting XSS Date: 19/07/2021 Exploit Author: Aakash Choudhary Software Link: https://wordpress.org/plugins/kn-fix-your/ Version: 1.0.1 Category: Web Application Tested on Mac How to Reproduce this...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/12 12:0 a.m.290 views

SmartAgent 3.1.0 Privilege Escalation

Exploit Title: SmartAgent 3.1.0 - Privilege Escalation Date: 01-11-2021 Exploit Author: Orion Hridoy Vendor Homepage: https://www.smartagent.io/ Version: Build 3.1.0 Tested on: Windows 10/Kali Linux A Low grade user like ViewOnly can create an account with SuperUser permission. Steps To Reproduce...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.290 views

Meneame English Pligg 5.8 SQL Injection

Exploit Title: Meneame English Pligg 5.8 - 'search' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/meneame-english/ Software Link: https://master.dl.sourceforge.net/project/meneame/meneame/Beta%205.8/PliggBeta5.8.rar Version...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/11/05 12:0 a.m.290 views

blueimp jQuery Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "blueimp's jQuery Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload in the sample PHP upload handler for...

0.1AI score0.97107EPSS
Exploits15
Packet Storm
Packet Storm
added 2016/09/22 12:0 a.m.290 views

Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption

SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been developed as well but will not be released for now. Blog:...

7.5CVSS0.9AI score0.53166EPSS
Exploits12
Packet Storm
Packet Storm
added 2025/11/24 12:0 a.m.289 views

📄 Flowise JS Injection Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

10CVSS9.2AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2024/09/02 12:0 a.m.289 views

Free Hospital Management System For Small Practices 1.0 CSRF

============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/07/25 12:0 a.m.289 views

Ingredient Stock Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Ingredient Stock Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/03 12:0 a.m.289 views

SOPlanning 1.52.00 Cross Site Scripting

Exploit Title: SOPlanning v1.52.00 'groupesave.php' XSS Reflected XSS Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/18 12:0 a.m.289 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/11 12:0 a.m.289 views

PHPJabbers Car Park Booking System 3.0 Cross Site Scripting / HTML Injection

Exploit Title: PHPJabbers Car Park Booking System v3.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-park-booking/sectionDemo Version: v3.0 Tested on:...

7.4AI score0.00325EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/10/02 12:0 a.m.289 views

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/21 12:0 a.m.289 views

Emaar Real Estate Agency Directory System 5.7 Shell Upload

==================================================================================================================================== | Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

7.1AI score
Exploits0
Total number of security vulnerabilities5000