Lucene search
K
PacketstormMost viewed

50786 matches found

Packet Storm
Packet Storm
added 2021/04/07 12:0 a.m.645 views

Dell OpenManage Server Administrator 9.4.0.0 File Read

Exploit Title: Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read Date: 4/27/2020 Exploit Author: Rhino Security Labs Version: :' exit This XML to imitate a Dell OMSA remote system comes from https://www.exploit-db.com/exploits/39909 Also check out...

6.4CVSS0.48332EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/02/17 12:0 a.m.645 views

Billing Management System 2.0 SQL Injection

Exploit Title: Billing Management System 2.0 - 'email' SQL injection Auth Bypass Date: 2021-02-16 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software: Billi...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.645 views

Millewin 13.39.028 Unquoted Service Path / Insecure Permissions

Exploit Title: Millewin - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...

0.4AI score0.05794EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/11/20 12:0 a.m.644 views

Jorani Leave Management System 1.0.2 Host Header Injection

Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested...

7.5AI score0.00757EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/07/11 12:0 a.m.643 views

Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path traversal bypass & Denial of service product: Kyocera TASKalfa 4053ci printer vulnerable version: TASKalfa 4053ci Version = 2VGS000.002.561 fixed version:...

7.1AI score0.73354EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/10/31 12:0 a.m.643 views

HealthMonitor 3.1 Unquoted Service Path

Exploit Title: HealthMonitor 3.1 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://sourceforge.net/projects/healthmonitor/ Software Link :...

Exploits0
Packet Storm
Packet Storm
added 2015/03/12 12:0 a.m.643 views

ElasticSearch Unauthenticated Remote Code Execution

!/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set editing-mode vi' version = "20150309.1" def banner: print...

7.5CVSS0.4AI score0.99906EPSS
Exploits19
Packet Storm
Packet Storm
added 2024/03/27 12:0 a.m.642 views

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated RCE in Bricks Builder Theme', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in t...

7.4AI score0.88234EPSS
Exploits18
Packet Storm
Packet Storm
added 2021/11/27 12:0 a.m.642 views

Email-Worm.Win32.Deltad Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/33f1dc8cf5987751ac0f063601f1c324.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Deltad Vulnerability: Insecure Permissions Description: The malware writes an .EXE...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/24 12:0 a.m.642 views

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...

7.5CVSS0.1AI score0.99964EPSS
Exploits174
Packet Storm
Packet Storm
added 2020/09/16 12:0 a.m.642 views

Mida Solutions eFramework ajaxreq.php Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mida Solutions eFramework ajaxreq.php Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Mida...

10CVSS0.4AI score0.98239EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/04/01 12:0 a.m.641 views

Palo Alto Deep Packet Inspection Data Exfiltration

Palo Alto firewalls allow for exfiltration of data via multiple egress methodologies. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism Advisory URL:...

7.5CVSS7.4AI score0.03339EPSS
Exploits1
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.641 views

WordPress 4.2.4 XMLRPC GHOST Vulnerability Scanner

WordPress version 4.2.4 XMLRPC GHOST vulnerability scanning script that checks to see if an instance is vulnerable. ============================================================================================================================================= | Title : WordPress 4.2.4 XMLRPC GHOST...

10CVSS7.2AI score0.94859EPSS
Exploits29
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.641 views

Supermicro X9 Buffer Overflow Scanner

Supermicro X9 generation motherboards before SMT X9 317 overflow scanner that checks for two flaws that date back to 2013 related to IPMI. ============================================================================================================================================= | Title :...

10CVSS7.7AI score0.71929EPSS
Exploits10
Packet Storm
Packet Storm
added 2024/08/08 12:0 a.m.641 views

Open WebUI 0.1.105 File Upload / Path Traversal

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal Title: Open WebUI Arbitrary File Upload + Path Traversal Advisory ID: KL-001-2024-006 Publication Date: 2024.08.D06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected...

8.8CVSS7.1AI score0.01003EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/10/22 12:0 a.m.641 views

Jetty 9.4.37.v20210219 Information Disclosure

Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Date: 2021-10-21 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and...

5.3CVSS6.6AI score0.82371EPSS
Exploits7
Packet Storm
Packet Storm
added 2018/08/10 12:0 a.m.641 views

Oracle Weblogic Server Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE', 'Description' = %q An unauthenticated attacker with network...

7.5CVSS0.8AI score0.99448EPSS
Exploits69
Packet Storm
Packet Storm
added 2025/03/07 12:0 a.m.640 views

D Tale 3.10.0 Remote Command Execution

D Tale version 3.10.0 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...

9.8CVSS7.7AI score0.77951EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/07/17 12:0 a.m.640 views

Simple Startup Manager 1.17 Buffer Overflow

Exploit Title: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow PoC Exploit Author: PovlTekstTV Date: 2020-07-15 Vulnerable Software: Simple Startup Manager Software Link Download: http://www.ashkon.com/download/startup-manager.exe Version: 1.17 Vulnerability Type: Local Buffer Overflow...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/16 12:0 a.m.640 views

Gila CMS 1.11.8 SQL Injection

Exploit Title: Gila CMS 1.11.8 - 'query' SQL Injection Date: 2020-06-15 Exploit Author: Carlos Ramírez L. BillyV4 Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/releases/tag/1.11.8 Version: Gila 1.11.8 Tested on: Gila 1.11.8 CVE : CVE-2020-5515 import request...

6.5CVSS0.5AI score0.26546EPSS
Exploits9
Packet Storm
Packet Storm
added 2025/02/28 12:0 a.m.639 views

js2py 0.74 Code Execution

js2py version 0.74 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : js2py versions 0.74 Code Injection Vulnerability | | Author : indoushka | | Teste...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/09 12:0 a.m.638 views

Metabase Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metabase Setup Token RCE', 'Description' = %q Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even...

9.8CVSS7.1AI score0.97924EPSS
Exploits36
Packet Storm
Packet Storm
added 2020/09/30 12:0 a.m.638 views

Cisco AnyConnect Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco AnyConnect Privilege Escalations CVE-2020-3153 and CVE-2020-3433', 'Description' = %q The installer component of Cisco AnyConnect Secure...

7.2CVSS0.9AI score0.28307EPSS
Exploits16
Packet Storm
Packet Storm
added 2020/07/17 12:0 a.m.638 views

PMB 5.6 Cross Site Scripting

Exploit Title: PMB 5.6 Cross Site Scripting XSS Google Dork: inurl:opaccss Date: 20-04-2020 Exploit Author: 41-trk Tarik Bakir Email: tarikbak999atgmail.com Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : alert1&critical=1...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/18 12:0 a.m.638 views

Code Blocks 17.12 Local Buffer Overflow

Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow Unicode SEH PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download Exploit Author: Paras Bhatia...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/12 12:0 a.m.638 views

Frigate Professional 3.36.0.9 Buffer Overflow

Exploit Title: Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-04 Vulnerable Software: Frigate...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.637 views

Rite CMS 2.2.1 Remote Code Execution

Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Date: 2020-07-03 Exploit Author: H0j3n Vendor Homepage: http://ritecms.com/ Software Link: http://sourceforge.net/projects/ritecms/files/ritecms2.2.1.zip/download Version: 2.2.1 Tested on: Linux Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/10/04 12:0 a.m.637 views

BIND 9 DNS Server Denial Of Service

import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01" sweetspot = udpsize -...

7.8CVSS0.1AI score0.89482EPSS
Exploits7
Packet Storm
Packet Storm
added 2025/01/30 12:0 a.m.635 views

MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF

MySchool version 1.0 suffers from remote SQL injection, php code injection, cross site request forgery, and cross site scripting vulnerabilities. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/12 12:0 a.m.635 views

Cloud Filter Arbitrary File Creation / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP', 'Description' = %q The Cloud Filter driver, cldflt.sys, on Windows 10 v1803 and later,...

7.2CVSS0.4AI score0.13958EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/11/17 12:0 a.m.635 views

Medical Center Portal Management System SQL Injection

Exploit Title: Medical Center Portal Management System - SQL Injections Date: 2020-11-16 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/09 12:0 a.m.635 views

Atlassian Products Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status vulnerable...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.634 views

PrusaSlicer 2.6.1 Arbitrary Code Execution

Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...

7.4AI score0.0072EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/01/13 12:0 a.m.634 views

FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities found in FiberHome HG6245D routers" is posted here: https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html === text-version of the advisory =...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/29 12:0 a.m.634 views

HPE Edgeline Infrastructure Manager Improper Authorization

!/usr/bin/python -- coding: UTF-8 -- billhader.py HPE Edgeline Infrastructure Manager Multiple Remote Vulnerabilities Jeremy Brown jbrown3264/gmail Dec 2020 In \opt\hpe\eim\containers\api\eim\api\urls.py, some private paths are defined which are intended to only be accessible via the local consol...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/17 12:0 a.m.634 views

EgavilanMedia User Registration And Login System With Admin Panel SQL Injection

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass Date: 17-11-2020 Exploit Author: Kislay Kumar Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/user-registration-and-login-system-with-admin-pane=l/ Version:...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/20 12:0 a.m.634 views

Directory Management System (DMS) 1.0 SQL Injection

Exploit Title: Directory Management System DMS 1.0 - Authentication Bypass Date: 2020-07-20 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Software Link:...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/03 12:0 a.m.633 views

Complaints Report Management System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/06/13 12:0 a.m.632 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rejetto HTTP File Server HFS Unauthenticated Remote Code Execution', 'Description' = %q The Rejetto HTTP File Server HFS version 2.x is vulnerabl...

7.4AI score0.99485EPSS
Exploits20
Packet Storm
Packet Storm
added 2023/11/14 12:0 a.m.632 views

F5 BIG-IP TMUI AJP Smuggling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

9.8CVSS7.1AI score0.96515EPSS
Exploits17
Packet Storm
Packet Storm
added 2020/11/27 12:0 a.m.632 views

WordPress Age Gate 2.13.4 Open Redirect

Exploit Title: URL Redirection to Untrusted Site 'Open Redirect' Age Gate Wordpress Plugin = 2.13.4 Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://agegate.io/ Software Link: https://wordpress.org/plugins/age-gate/ Version: = 2.13.4 Tested on: Latest Version of Deskto...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2025/02/13 12:0 a.m.631 views

Wattsense Bridge 6.x Remote Root / Information Disclosure

Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...

9.8CVSS7.3AI score0.00663EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/12/22 12:0 a.m.631 views

Craft CMS 4.4.14 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits Remote Code Execution vulnerability CVE-2023-41892 ...

10CVSS7.4AI score0.92918EPSS
Exploits10
Packet Storm
Packet Storm
added 2021/12/28 12:0 a.m.631 views

ManageEngine ServiceDesk Plus Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus CVE-2021-44077', 'Description' = %q This module exploits CVE-2021-44077, an unauthenticated remote code execution...

9.8CVSS0.2AI score0.93514EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/06/23 12:0 a.m.631 views

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

7.1AI score0.05346EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/11/18 12:0 a.m.631 views

Avaya Web License Manager XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Blind Out-Of-Band XML External Entity Injection Authenticated product: Avaya Web License Manager vulnerable version: 6.x, 7.0 through 7.1.3.6, 8.0 through 8.1.2.0.0 fixed...

0.03501EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/11/16 12:0 a.m.631 views

Water Billing System 1.0 SQL Injection

Exploit Title: Water Billing System 1.0 - 'id' SQL Injection Authenticated Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html Version: 1.0 Tested on: Apache2 an...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/15 12:0 a.m.630 views

WordPress Popular Posts 5.3.2 Shell Upload

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

Exploits0
Packet Storm
Packet Storm
added 2021/08/06 12:0 a.m.629 views

Backdoor.Win32.Zdemon.10 Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d12f38e959d70af76fd263aa1933033c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zdemon.10 Vulnerability: Unauthenticated Remote Command Execution Description: Zdemon...

Exploits0
Packet Storm
Packet Storm
added 2020/11/19 12:0 a.m.629 views

PESCMS TEAM 2.3.2 Cross Site Scripting

Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.pescms.com/ Software Link: https://github.com/lazyphp/PESCMS-TEAM Version: PESCMS Team 2.3.2 CVE: CVE-2020-28092 PESCMS Team 2.3.2 has multiple reflected XSS via the id...

6.4AI score0.02197EPSS
Exploits3
Total number of security vulnerabilities5000